{
  "schema_version": "1.4.0",
  "id": "GHSA-3cpr-9mc9-3vfm",
  "modified": "2024-05-21T18:31:22Z",
  "published": "2024-05-21T18:31:22Z",
  "aliases": [
    "CVE-2023-52830"
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix double free in hci_conn_cleanup\n\nsyzbot reports a slab use-after-free in hci_conn_hash_flush [1].\nAfter releasing an object using hci_conn_del_sysfs in the\nhci_conn_cleanup function, releasing the same object again\nusing the hci_dev_put and hci_conn_put functions causes a double free.\nHere's a simplified flow:\n\nhci_conn_del_sysfs:\n  hci_dev_put\n    put_device\n      kobject_put\n        kref_put\n          kobject_release\n            kobject_cleanup\n              kfree_const\n                kfree(name)\n\nhci_dev_put:\n  ...\n    kfree(name)\n\nhci_conn_put:\n  put_device\n    ...\n      kfree(name)\n\nThis patch drop the hci_dev_put and hci_conn_put function\ncall in hci_conn_cleanup function, because the object is\nfreed in hci_conn_del_sysfs function.\n\nThis patch also fixes the refcounting in hci_conn_add_sysfs() and\nhci_conn_del_sysfs() to take into account device_add() failures.\n\nThis fixes CVE-2023-28464.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52830"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c4236f1b2a715e878a06599fa8b0cc21f165d28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/53d61daf35b1bbf3ae06e852ee107aa2f05b3776"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/56a4fdde95ed98d864611155f6728983e199e198"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c53afc766e07098429520b7677eaa164b593451"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/87624b1f9b781549e69f92db7ede012a21cec275"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a85fb91e3d728bdfc80833167e8162cce8bc7004"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ba7088769800d9892a7e4f35c3137a5b3e65410b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc666d1b47518a18519241cae213de1babd4a4ba"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": null,
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T16:15:20Z"
  }
}