LiveActive security incident?Get immediate response
CVE Record

CVE-2023-52833: Bluetooth: btusb: Add date->evt_skb is NULL check

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8 [ 6104.969667] #PF: supervisor read access in kernel mode [ 6104.969668] #PF: error_code(0x0000) - not-present page [ 6104.969670] PGD 0 P4D 0 [ 6104.969673] Oops: 0000 [#1] SMP NOPTI [ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb] [ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246 [ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006 [ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000 [ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001 [ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0 [ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90 [ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000 [ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0 [ 6104.969701] PKRU: 55555554 [ 6104.969702] Call Trace: [ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb] [ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth] [ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth] [ 6104.969753] rfkill_set_block+0x92/0x160 [ 6104.969755] rfkill_fop_write+0x136/0x1e0 [ 6104.969759] __vfs_write+0x18/0x40 [ 6104.969761] vfs_write+0xdf/0x1c0 [ 6104.969763] ksys_write+0xb1/0xe0 [ 6104.969765] __x64_sys_write+0x1a/0x20 [ 6104.969769] do_syscall_64+0x51/0x180 [ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 6104.969773] RIP: 0033:0x7f5a21f18fef [ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef [ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012 [ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017 [ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002 [ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2023-52833 is a Linux kernel Bluetooth driver flaw where missing NULL checking can crash the kernel in the btusb MediaTek shutdown path. The public record shows a crash fix, not data theft or privilege escalation. Business impact is mainly availability on Linux systems using the affected Bluetooth stack.

Executive priority

Handle through normal kernel patch governance unless Bluetooth-heavy fleets or crash reports are present. Escalate priority for systems where local availability matters, such as kiosks, field devices, or operational workstations using Bluetooth peripherals.

Technical view

The flaw is in Linux kernel btusb code, specifically btusb_mtk_hci_wmt_sync, where data->evt_skb may be NULL and then dereferenced. The source crash trace reaches the path through Bluetooth close, rfkill block handling, and btusb_mtk_shutdown. Stable kernel commits add the missing NULL check.

Likely exposure

Exposure appears limited to Linux systems running affected kernel versions with the Bluetooth btusb driver path, especially MediaTek-related code. The bundle lists Linux 5.3 and fixed stable lines around 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, and 6.7, but version semantics should be confirmed against vendor kernels.

Exploitation context

The provided sources do not show active exploitation, public exploit tooling, KEV listing, or attacker prerequisites. The evidence demonstrates a kernel NULL pointer dereference crash, so treat it as a potential denial-of-service issue until your Linux vendor clarifies severity and reachability.

Researcher notes

Evidence is narrow: the source describes a resolved Linux kernel crash and provides stable commit references, but no CVSS, CWE, exploit status, or full affected distribution matrix. Avoid assuming remote reachability or privilege impact without additional vendor analysis.

Mitigation direction

  • Update affected Linux kernels to vendor-supported builds containing the btusb NULL-check fix.
  • Prioritize laptops, workstations, kiosks, and servers where Bluetooth hardware is enabled.
  • Check distribution advisories for backported fixes, not only upstream version numbers.
  • Disable unused Bluetooth where operationally acceptable until patched.
  • Monitor kernel logs for btusb, Bluetooth, rfkill, or NULL pointer crash traces.

Validation and detection

  • Inventory Linux kernel versions and Bluetooth hardware across managed endpoints.
  • Confirm whether the btusb module is present, loaded, or packaged on each system.
  • Map vendor kernel builds to the upstream stable commits listed in the CVE record.
  • Review crash logs for btusb_mtk_hci_wmt_sync or btusb_mtk_shutdown references.
  • Validate remediation by confirming patched vendor kernel packages are installed.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-52833 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
7Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa1c49c434e15050b5dafe3b6f5cc732d4f02d657, a1c49c434e15050b5dafe3b6f5cc732d4f02d657, a1c49c434e15050b5dafe3b6f5cc732d4f02d657, a1c49c434e15050b5dafe3b6f5cc732d4f02d657, a1c49c434e15050b5dafe3b6f5cc732d4f02d657, a1c49c434e15050b5dafe3b6f5cc732d4f02d657unaffected
LinuxLinux5.3, 0, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, 6.7affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.