FKIE_CVE-2023-54120

Vulnerability from fkie_nvd - Published: 2025-12-24 13:16 - Updated: 2025-12-24 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called in hidp_session_thread(). After hidp_session_put, then 'session' will be freed, causing kernel panic when hidp_idle_timeout is running. The solution is to use del_timer_sync instead of del_timer. Here is the call trace: ? hidp_session_probe+0x780/0x780 call_timer_fn+0x2d/0x1e0 __run_timers.part.0+0x569/0x940 hidp_session_probe+0x780/0x780 call_timer_fn+0x1e0/0x1e0 ktime_get+0x5c/0xf0 lapic_next_deadline+0x2c/0x40 clockevents_program_event+0x205/0x320 run_timer_softirq+0xa9/0x1b0 __do_softirq+0x1b9/0x641 __irq_exit_rcu+0xdc/0x190 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0xa1/0xc0
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0efb276d5848a3accc37c6f41b85e442c4768169
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/152f47bd6b995e0e98c85672f6d19894bc287ef2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/248af9feca062a4ca9c3f2ccf67056c8a5eb817f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5f3d214d19899183d4e0cce7552998262112e4ab
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a99e6200c38b78a45dcd12a6bdc43fdf4dc36be
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c95930abd687fcd1aa040dc4fe90dff947916460
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f6719fd8f409fa1da8dc956e93822d25e1e8b360
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f7ec5ca433ceead8d9d78fd2febff094f289441d
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix race condition in hidp_session_thread\n\nThere is a potential race condition in hidp_session_thread that may\nlead to use-after-free. For instance, the timer is active while\nhidp_del_timer is called in hidp_session_thread(). After hidp_session_put,\nthen \u0027session\u0027 will be freed, causing kernel panic when hidp_idle_timeout\nis running.\n\nThe solution is to use del_timer_sync instead of del_timer.\n\nHere is the call trace:\n\n? hidp_session_probe+0x780/0x780\ncall_timer_fn+0x2d/0x1e0\n__run_timers.part.0+0x569/0x940\nhidp_session_probe+0x780/0x780\ncall_timer_fn+0x1e0/0x1e0\nktime_get+0x5c/0xf0\nlapic_next_deadline+0x2c/0x40\nclockevents_program_event+0x205/0x320\nrun_timer_softirq+0xa9/0x1b0\n__do_softirq+0x1b9/0x641\n__irq_exit_rcu+0xdc/0x190\nirq_exit_rcu+0xe/0x20\nsysvec_apic_timer_interrupt+0xa1/0xc0"
    }
  ],
  "id": "CVE-2023-54120",
  "lastModified": "2025-12-24T13:16:13.940",
  "metrics": {},
  "published": "2025-12-24T13:16:13.940",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0efb276d5848a3accc37c6f41b85e442c4768169"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/152f47bd6b995e0e98c85672f6d19894bc287ef2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/248af9feca062a4ca9c3f2ccf67056c8a5eb817f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5f3d214d19899183d4e0cce7552998262112e4ab"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a99e6200c38b78a45dcd12a6bdc43fdf4dc36be"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c95930abd687fcd1aa040dc4fe90dff947916460"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f6719fd8f409fa1da8dc956e93822d25e1e8b360"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f7ec5ca433ceead8d9d78fd2febff094f289441d"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Received"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.