CVE-2023-53520
- Source
- https://cve.org/CVERecord?id=CVE-2023-53520
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53520.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53520
- Downstream
- Related
- Published
- 2025-10-01T11:46:07.355Z
- Modified
- 2026-04-11T12:46:48.355031Z
- Summary
- Bluetooth: Fix hci_suspend_sync crash
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix hcisuspendsync crash
If hciunregisterdev() frees the hcidev object but hcisuspendnotifier may still be accessing it, it can cause the program to crash. Here's the call trace: <4>[102152.653246] Call Trace: <4>[102152.653254] hcisuspendsync+0x109/0x301 [bluetooth] <4>[102152.653259] hcisuspenddev+0x78/0xcd [bluetooth] <4>[102152.653263] hcisuspendnotifier+0x42/0x7a [bluetooth] <4>[102152.653268] notifiercall_chain+0x43/0x6b <4>[102152.653271] __blockingnotifiercall_chain+0x48/0x69 <4>[102152.653273] __pmnotifiercallchain+0x22/0x39 <4>[102152.653276] pmsuspend+0x287/0x57c <4>[102152.653278] statestore+0xae/0xe5 <4>[102152.653281] kernfsfop_write+0x109/0x173 <4>[102152.653284] __vfswrite+0x16f/0x1a2 <4>[102152.653287] ? selinuxfilepermission+0xca/0x16f <4>[102152.653289] ? securityfilepermission+0x36/0x109 <4>[102152.653291] vfswrite+0x114/0x21d <4>[102152.653293] __x64syswrite+0x7b/0xdb <4>[102152.653296] dosyscall64+0x59/0x194 <4>[102152.653299] entrySYSCALL64afterhwframe+0x5c/0xc1
This patch holds the reference count of the hcidev object while processing it in hcisuspend_notifier to avoid potential crash caused by the race condition.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53520.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/06e2b5ad72b60f90bfe565c201346532e271f484
- https://git.kernel.org/stable/c/573ebae162111063eedc6c838a659ba628f66a0f
- https://git.kernel.org/stable/c/e1fa25a91091bbed691ba2996a6cee809e3309a2
- https://git.kernel.org/stable/c/f9c8ce5d665653e3cf71a76349d41d7a7f7947e6
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53520.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53520
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9952d90ea2885d7cbf80cd233f694f09a9c0eaecFixede1fa25a91091bbed691ba2996a6cee809e3309a2Fixed06e2b5ad72b60f90bfe565c201346532e271f484Fixedf9c8ce5d665653e3cf71a76349d41d7a7f7947e6Fixed573ebae162111063eedc6c838a659ba628f66a0f