nvd-json-data-feeds/CVE-2023/CVE-2023-528xx/CVE-2023-52830.json

{
  "id": "CVE-2023-52830",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-21T16:15:20.670",
  "lastModified": "2024-05-21T16:53:56.550",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix double free in hci_conn_cleanup\n\nsyzbot reports a slab use-after-free in hci_conn_hash_flush [1].\nAfter releasing an object using hci_conn_del_sysfs in the\nhci_conn_cleanup function, releasing the same object again\nusing the hci_dev_put and hci_conn_put functions causes a double free.\nHere's a simplified flow:\n\nhci_conn_del_sysfs:\n  hci_dev_put\n    put_device\n      kobject_put\n        kref_put\n          kobject_release\n            kobject_cleanup\n              kfree_const\n                kfree(name)\n\nhci_dev_put:\n  ...\n    kfree(name)\n\nhci_conn_put:\n  put_device\n    ...\n      kfree(name)\n\nThis patch drop the hci_dev_put and hci_conn_put function\ncall in hci_conn_cleanup function, because the object is\nfreed in hci_conn_del_sysfs function.\n\nThis patch also fixes the refcounting in hci_conn_add_sysfs() and\nhci_conn_del_sysfs() to take into account device_add() failures.\n\nThis fixes CVE-2023-28464."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/3c4236f1b2a715e878a06599fa8b0cc21f165d28",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/53d61daf35b1bbf3ae06e852ee107aa2f05b3776",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/56a4fdde95ed98d864611155f6728983e199e198",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/5c53afc766e07098429520b7677eaa164b593451",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/87624b1f9b781549e69f92db7ede012a21cec275",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/a85fb91e3d728bdfc80833167e8162cce8bc7004",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/ba7088769800d9892a7e4f35c3137a5b3e65410b",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/fc666d1b47518a18519241cae213de1babd4a4ba",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}
Auto-Update: 2024-05-21T18:00:39.180206+00:00 2024-05-21 18:03:30 +00:00			`{`
			`"id": "CVE-2023-52830",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-05-21T16:15:20.670",`
			`"lastModified": "2024-05-21T16:53:56.550",`
			`"vulnStatus": "Awaiting Analysis",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix double free in hci_conn_cleanup\n\nsyzbot reports a slab use-after-free in hci_conn_hash_flush [1].\nAfter releasing an object using hci_conn_del_sysfs in the\nhci_conn_cleanup function, releasing the same object again\nusing the hci_dev_put and hci_conn_put functions causes a double free.\nHere's a simplified flow:\n\nhci_conn_del_sysfs:\n hci_dev_put\n put_device\n kobject_put\n kref_put\n kobject_release\n kobject_cleanup\n kfree_const\n kfree(name)\n\nhci_dev_put:\n ...\n kfree(name)\n\nhci_conn_put:\n put_device\n ...\n kfree(name)\n\nThis patch drop the hci_dev_put and hci_conn_put function\ncall in hci_conn_cleanup function, because the object is\nfreed in hci_conn_del_sysfs function.\n\nThis patch also fixes the refcounting in hci_conn_add_sysfs() and\nhci_conn_del_sysfs() to take into account device_add() failures.\n\nThis fixes CVE-2023-28464."
			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/3c4236f1b2a715e878a06599fa8b0cc21f165d28",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/53d61daf35b1bbf3ae06e852ee107aa2f05b3776",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/56a4fdde95ed98d864611155f6728983e199e198",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/5c53afc766e07098429520b7677eaa164b593451",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/87624b1f9b781549e69f92db7ede012a21cec275",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/a85fb91e3d728bdfc80833167e8162cce8bc7004",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/ba7088769800d9892a7e4f35c3137a5b3e65410b",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/fc666d1b47518a18519241cae213de1babd4a4ba",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`}`
			`]`
			`}`