CVE-2023-52518

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52518
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52518.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-52518
Published
2024-03-02T21:54:47Z
Modified
2025-10-14T05:20:34.290464Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Bluetooth: hci_codec: Fix leaking content of local_codecs
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_codec: Fix leaking content of local_codecs

The following memory leak can be observed when the controller supports codecs which are stored in local_codecs list but the elements are never freed:

unreferenced object 0xffff88800221d840 (size 32):
  comm "kworker/u3:0", pid 36, jiffies 4294898739 (age 127.060s)
  hex dump (first 32 bytes):
    f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff  ..........!.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffffb324f557>] __kmalloc+0x47/0x120
    [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160
    [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270
    [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0
    [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60
    [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0
    [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0
    [<ffffffffb30c99b4>] process_one_work+0x404/0x800
    [<ffffffffb30ca134>] worker_thread+0x374/0x670
    [<ffffffffb30d9108>] kthread+0x188/0x1c0
    [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50
    [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8961987f3f5fa2f2618e72304d013c8dd5e604a6
Fixed
626535077ba9dc110787540d1fe24881094c15a1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8961987f3f5fa2f2618e72304d013c8dd5e604a6
Fixed
eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8961987f3f5fa2f2618e72304d013c8dd5e604a6
Fixed
b938790e70540bf4f2e653dcd74b232494d06c8f

Affected versions

v5.*

v5.14
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.5.1
v6.5.2
v6.5.3
v6.5.4
v6.5.5
v6.5.6
v6.6-rc1

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_sync.c",
                "function": "hci_dev_close_sync"
            },
            "id": "CVE-2023-52518-255c5045",
            "digest": {
                "length": 2606.0,
                "function_hash": "138388566095515076952124836524431803041"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b938790e70540bf4f2e653dcd74b232494d06c8f",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_core.c",
                "function": "hci_release_dev"
            },
            "id": "CVE-2023-52518-257fbf91",
            "digest": {
                "length": 748.0,
                "function_hash": "269612816867665299279485723838663326509"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626535077ba9dc110787540d1fe24881094c15a1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_core.c",
                "function": "hci_release_dev"
            },
            "id": "CVE-2023-52518-27f24860",
            "digest": {
                "length": 748.0,
                "function_hash": "269612816867665299279485723838663326509"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_core.c"
            },
            "id": "CVE-2023-52518-2abf6b4d",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "33943256398421284035012376557771855229",
                    "34230078953617088054735732913110411688",
                    "223702392381093982727326718695889451804",
                    "65468377724186977175654261422465525085"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b938790e70540bf4f2e653dcd74b232494d06c8f",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_event.c"
            },
            "id": "CVE-2023-52518-4e04679f",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "168677874375001215161149845090803591641",
                    "234424866714265517135235150320131445873",
                    "72143148703625248671423633201073550190",
                    "15124507207556745863693436202741850439"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626535077ba9dc110787540d1fe24881094c15a1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_sync.c"
            },
            "id": "CVE-2023-52518-64e4912c",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "34695787841259042656178294908306207390",
                    "80608938881490404418292027492665187501",
                    "258794377161775654593054446709620584307",
                    "73219624278508598001330876014715152894"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_core.c",
                "function": "hci_release_dev"
            },
            "id": "CVE-2023-52518-75ec742e",
            "digest": {
                "length": 748.0,
                "function_hash": "269612816867665299279485723838663326509"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b938790e70540bf4f2e653dcd74b232494d06c8f",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_sync.c",
                "function": "hci_dev_close_sync"
            },
            "id": "CVE-2023-52518-794ca697",
            "digest": {
                "length": 2606.0,
                "function_hash": "138388566095515076952124836524431803041"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_sync.c"
            },
            "id": "CVE-2023-52518-86ee8174",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "34695787841259042656178294908306207390",
                    "80608938881490404418292027492665187501",
                    "258794377161775654593054446709620584307",
                    "73219624278508598001330876014715152894"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b938790e70540bf4f2e653dcd74b232494d06c8f",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_sync.c"
            },
            "id": "CVE-2023-52518-94156912",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "34695787841259042656178294908306207390",
                    "80608938881490404418292027492665187501",
                    "258794377161775654593054446709620584307",
                    "73219624278508598001330876014715152894"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626535077ba9dc110787540d1fe24881094c15a1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_core.c"
            },
            "id": "CVE-2023-52518-99cfc6d2",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "33943256398421284035012376557771855229",
                    "34230078953617088054735732913110411688",
                    "223702392381093982727326718695889451804",
                    "65468377724186977175654261422465525085"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "net/bluetooth/hci_sync.c",
                "function": "hci_dev_close_sync"
            },
            "id": "CVE-2023-52518-a387798f",
            "digest": {
                "length": 2606.0,
                "function_hash": "138388566095515076952124836524431803041"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626535077ba9dc110787540d1fe24881094c15a1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_event.c"
            },
            "id": "CVE-2023-52518-b0602f1c",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "168677874375001215161149845090803591641",
                    "234424866714265517135235150320131445873",
                    "72143148703625248671423633201073550190",
                    "15124507207556745863693436202741850439"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_event.c"
            },
            "id": "CVE-2023-52518-cd0d8553",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "168677874375001215161149845090803591641",
                    "234424866714265517135235150320131445873",
                    "72143148703625248671423633201073550190",
                    "15124507207556745863693436202741850439"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b938790e70540bf4f2e653dcd74b232494d06c8f",
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "net/bluetooth/hci_core.c"
            },
            "id": "CVE-2023-52518-eae0d61c",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "33943256398421284035012376557771855229",
                    "34230078953617088054735732913110411688",
                    "223702392381093982727326718695889451804",
                    "65468377724186977175654261422465525085"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@626535077ba9dc110787540d1fe24881094c15a1",
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.57
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.5.7