CVE-2023-53016
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-53016
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53016.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53016
- Downstream
- Related
- Published
- 2025-03-27T16:43:44Z
- Modified
- 2025-10-16T14:14:00.893718Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix possible deadlock in rfcommskstate_change
syzbot reports a possible deadlock in rfcommskstatechange [1]. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsock_release could have the rfcomm lock and hit a deadlock for acquiring the sk lock. Here's a simplified flow:
rfcommsockconnect: locksock(sk) rfcommdlcopen: rfcommlock()
rfcommsockrelease: rfcommsockshutdown: rfcommlock() _rfcommdlcclose: rfcommkstatechange: locksock(sk)
This patch drops the sk lock before calling rfcommdlcopen to avoid the possible deadlock and holds sk's reference count to prevent use-after-free after rfcommdlcopen completes.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1804fdf6e494e5e2938c65d8391690b59bcff897Fixed98aec50ff7f60cc6f2d6a4396b475c547e58b04d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1804fdf6e494e5e2938c65d8391690b59bcff897Fixed17511bd84871f4a6106cb335616e086880313f3f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1804fdf6e494e5e2938c65d8391690b59bcff897Fixed1d80d57ffcb55488f0ec0b77928d4f82d16b6a90
Affected versions
v5.*
v5.14
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.46
v5.15.47
v5.15.48
v5.15.49
v5.15.5
v5.15.50
v5.15.51
v5.15.52
v5.15.53
v5.15.54
v5.15.55
v5.15.56
v5.15.57
v5.15.58
v5.15.59
v5.15.6
v5.15.60
v5.15.61
v5.15.62
v5.15.63
v5.15.64
v5.15.65
v5.15.66
v5.15.67
v5.15.68
v5.15.69
v5.15.7
v5.15.70
v5.15.71
v5.15.72
v5.15.73
v5.15.74
v5.15.75
v5.15.76
v5.15.77
v5.15.78
v5.15.79
v5.15.8
v5.15.80
v5.15.81
v5.15.82
v5.15.83
v5.15.84
v5.15.85
v5.15.86
v5.15.87
v5.15.88
v5.15.89
v5.15.9
v5.15.90
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.2-rc1
v6.2-rc2
v6.2-rc3
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"id": "CVE-2023-53016-43fd1db0",
"target": {
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@17511bd84871f4a6106cb335616e086880313f3f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293544482282652225814435047686839185495",
"241703222409203014918754212455343408980",
"41029236433386118443373130351392219876",
"255666877071186605727813374382108612107",
"125952738305689412782340243383706822781",
"197392869392223757689631258111201942592",
"292847244176492383467079947907746238411",
"139126654219527833759859258591639649916",
"272037162081119188664498511914131955463",
"184830193619140928247025310894043962235",
"22764728914122676010232525561974586877",
"126709691600343261641769681464745656824",
"296396582326643495265548785277344422190"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2023-53016-62976e32",
"target": {
"function": "rfcomm_sock_connect",
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@98aec50ff7f60cc6f2d6a4396b475c547e58b04d",
"digest": {
"function_hash": "75500296696873166781747932475475410779",
"length": 985.0
}
},
{
"signature_type": "Function",
"id": "CVE-2023-53016-78875ddd",
"target": {
"function": "rfcomm_sock_connect",
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@17511bd84871f4a6106cb335616e086880313f3f",
"digest": {
"function_hash": "75500296696873166781747932475475410779",
"length": 985.0
}
},
{
"signature_type": "Line",
"id": "CVE-2023-53016-d37fc671",
"target": {
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@98aec50ff7f60cc6f2d6a4396b475c547e58b04d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293544482282652225814435047686839185495",
"241703222409203014918754212455343408980",
"41029236433386118443373130351392219876",
"255666877071186605727813374382108612107",
"125952738305689412782340243383706822781",
"197392869392223757689631258111201942592",
"292847244176492383467079947907746238411",
"139126654219527833759859258591639649916",
"272037162081119188664498511914131955463",
"184830193619140928247025310894043962235",
"22764728914122676010232525561974586877",
"126709691600343261641769681464745656824",
"296396582326643495265548785277344422190"
]
}
},
{
"signature_type": "Function",
"id": "CVE-2023-53016-eda98e0b",
"target": {
"function": "rfcomm_sock_connect",
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d80d57ffcb55488f0ec0b77928d4f82d16b6a90",
"digest": {
"function_hash": "75500296696873166781747932475475410779",
"length": 985.0
}
},
{
"signature_type": "Line",
"id": "CVE-2023-53016-f6ab9735",
"target": {
"file": "net/bluetooth/rfcomm/sock.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d80d57ffcb55488f0ec0b77928d4f82d16b6a90",
"digest": {
"threshold": 0.9,
"line_hashes": [
"293544482282652225814435047686839185495",
"241703222409203014918754212455343408980",
"41029236433386118443373130351392219876",
"255666877071186605727813374382108612107",
"125952738305689412782340243383706822781",
"197392869392223757689631258111201942592",
"292847244176492383467079947907746238411",
"139126654219527833759859258591639649916",
"272037162081119188664498511914131955463",
"184830193619140928247025310894043962235",
"22764728914122676010232525561974586877",
"126709691600343261641769681464745656824",
"296396582326643495265548785277344422190"
]
}
}
]