Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75246.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-75246
Upstream
Published
2025-10-01T12:15:56Z
Modified
2026-04-01T05:22:50.124193Z
Summary
CVE-2023-53520 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix hci_suspend_sync crash

If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace:

<4>[102152.653246] Call Trace:
<4>[102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth]
<4>[102152.653259] hci_suspend_dev+0x78/0xcd [bluetooth]
<4>[102152.653263] hci_suspend_notifier+0x42/0x7a [bluetooth]
<4>[102152.653268] notifier_call_chain+0x43/0x6b
<4>[102152.653271] __blocking_notifier_call_chain+0x48/0x69
<4>[102152.653273] __pm_notifier_call_chain+0x22/0x39
<4>[102152.653276] pm_suspend+0x287/0x57c
<4>[102152.653278] state_store+0xae/0xe5
<4>[102152.653281] kernfs_fop_write+0x109/0x173
<4>[102152.653284] __vfs_write+0x16f/0x1a2
<4>[102152.653287] ? selinux_file_permission+0xca/0x16f
<4>[102152.653289] ? security_file_permission+0x36/0x109
<4>[102152.653291] vfs_write+0x114/0x21d
<4>[102152.653293] __x64_sys_write+0x7b/0xdb
<4>[102152.653296] do_syscall_64+0x59/0x194
<4>[102152.653299] entry_SYSCALL_64_after_hwframe+0x5c/0xc1

This patch holds the reference count of the hci_dev object while processing it in hci_suspend_notifier to avoid potential crash caused by the race condition.

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
5.15.200.1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75246.json"