CVE-2023-54197
Description
In the Linux kernel, the following vulnerability has been resolved:
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.
This patch introduces a possible null-ptr-def problem. Revert it. And the fixed bug by this patch have resolved by commit 73f7b171b7c0 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition").
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A revert of a previous fix in the Linux kernel's Bluetooth btsdio driver that itself introduced a null-pointer dereference; the original use-after-free is already fixed by a different commit.
Vulnerability
CVE-2023-54197 documents a revert of commit 1e9ac114c4428f77db7ff4635b45d4f46017e8916f in the Linux kernel's Bluetooth btsdio driver. The original commit was intended to fix a use-after a use-after-free bug in btsdio_remove caused by unfinished work, but it inadvertently introduced a possible null-pointer dereference (null-ptr-def) problem [1].
Exploitation
Exploitation
No specific exploitation scenario is described beyond the kernel code context. The vulnerability is a logic error path in driver removal; an attacker would need the ability to trigger the removal of a btsdio device (e.g., via hot-unplug or system shutdown) while work is still pending, leading to a null-pointer dereference in the kernel.
Impact
A successful trigger of the null-pointer dereference could cause a kernel crash (denial of service). The original use-after-free bug that the reverted patch attempted to fix has already been resolved by a separate commit 73f7b171b7c0 ("Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition") [1].
Mitigation
The fix is to revert the problematic commit. The stable kernel branches have applied this revert (commit db2bf510bd5d57f064d9e1db395ed86a08320c54) [1]. Users should update to a kernel version containing this revert to avoid the null-pointer dereference.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
93b4ed520097270a104588e31de0ffb5145c90837d10f6c37a789192f3661952030c914b58f83fa62614cd8d7ce037d9adb2bf510bd5dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- git.kernel.org/stable/c/0837d10f6c37a47a0c73bccf1e39513613a2fcc2nvd
- git.kernel.org/stable/c/3b4ed52009723f7dfca7a8ca95163bfb441bfb76nvd
- git.kernel.org/stable/c/70a104588e3131415e559c06deb834ce259a285anvd
- git.kernel.org/stable/c/8f83fa62614c282dd5d1211a0dd99c6a0a515b81nvd
- git.kernel.org/stable/c/952030c914b5f2288609efe868537afcff7a3f51nvd
- git.kernel.org/stable/c/a789192f366147a0fbb395650079906d1d04e0b9nvd
- git.kernel.org/stable/c/d8d7ce037d9a8f1f0714ece268c4c2c50845bbc3nvd
- git.kernel.org/stable/c/db2bf510bd5d57f064d9e1db395ed86a08320c54nvd
- git.kernel.org/stable/c/de0ffb5145c9f418ad76f00e58d4b91c680410b2nvd
News mentions
0No linked articles in our index yet.