CVE-2023-54038
NONE EPSS 4.7%
Published Dec 24, 2025 (6mo ago)
Last Modified Jun 17, 2026 (2w ago)
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link

hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL).

sco_connect() expects an ERR_PTR in case of any error (see line 266 in sco.c). Thus, hcon set as NULL passes through to sco_conn_add(), which tries to get hcon->hdev, resulting in dereferencing a NULL pointer as reported by syzkaller.

The same issue exists for iso_connect_cis() calling hci_connect_cis().

Thus, make hci_connect_sco() and hci_connect_cis() return ERR_PTR instead of NULL.
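The mismatch described above, as an added userspace model (not the kernel's code and not taken from the referenced commits): a caller that checks only IS_ERR() lets NULL through, while an ERR_PTR value is caught. The `model_*` names, the structs and the choice of `-ENOLINK` are assumptions made for illustration; the helper macros mirror the kernel's error-pointer convention.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace re-creation of the kernel error-pointer convention:
 * the top MAX_ERRNO addresses encode negative errno values. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-ins for the device and connection objects. */
struct model_hdev { int id; };
struct model_conn { struct model_hdev *hdev; };
static struct model_hdev dev0 = { 0 };
static struct model_conn good = { &dev0 };

/* Before the fix: a missing link is reported as NULL. */
static struct model_conn *model_connect_before(int link_ok)
{
    return link_ok ? &good : NULL;
}

/* After the fix: a missing link is reported as an ERR_PTR (errno assumed). */
static struct model_conn *model_connect_after(int link_ok)
{
    return link_ok ? &good : ERR_PTR(-ENOLINK);
}

/* Caller that, like the one described, tests only IS_ERR().
 * Returns the device id (0) on success, a negative errno when the error
 * is caught, or 1 when NULL slipped past the check and would have been
 * dereferenced as hcon->hdev. */
static int model_caller(struct model_conn *(*connect)(int), int link_ok)
{
    struct model_conn *hcon = connect(link_ok);
    if (IS_ERR(hcon))
        return (int)PTR_ERR(hcon);
    if (!hcon)
        return 1; /* the model stops here instead of crashing */
    return hcon->hdev->id;
}

int main(void)
{
    printf("before fix, no link: %d\n", model_caller(model_connect_before, 0));
    printf("after fix,  no link: %d\n", model_caller(model_connect_after, 0));
    return 0;
}
```

When auditing similar code, a function whose callers test IS_ERR() must never return NULL on failure; IS_ERR_OR_NULL() at the call site is the defensive alternative where the return contract cannot be changed.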
Threat Intelligence
EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
References 2
- git.kernel.org https://git.kernel.org/stable/c/357ab53c83a5322437fa434e9a9e3e0bafe6b383
- git.kernel.org https://git.kernel.org/stable/c/b4066eb04bb67e7ff66e5aaab0db4a753f37eaad
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.