VYPR
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54038

CVE-2023-54038

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link

hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL).

sco_connect() expects an ERR_PTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller.

The same issue exists for iso_connect_cis() calling hci_connect_cis().

Thus, make hci_connect_sco() and hci_connect_cis() return ERR_PTR instead of NULL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

64

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.