CVE-2023-54197: Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
In the Linux kernel, the following vulnerability has been resolved:
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
This reverts commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f.
This patch introduces a possible null-ptr-def problem. Revert it. And the
fixed bug by this patch have resolved by commit 73f7b171b7c0 ("Bluetooth:
btsdio: fix use after free bug in btsdio_remove due to race condition").
Security readout for executives and security teams
Plain-English summary
This CVE concerns the Linux kernel Bluetooth SDIO driver. A prior kernel patch meant to fix a use-after-free issue introduced a possible null-pointer problem, so Linux reverted it. The public bundle provides no CVSS score, no CWE, and no active exploitation evidence.
Executive priority
Handle through normal kernel patch management unless Bluetooth SDIO exposure is confirmed on sensitive systems. The urgency is limited by missing severity data and no cited exploitation, but kernel issues still warrant timely maintenance.
Technical view
The issue is in Linux Bluetooth btsdio cleanup logic. Commit 1e9ac114c442 was reverted because it could introduce a possible null-pointer dereference condition. The original use-after-free concern was reportedly addressed separately by commit 73f7b171b7c0. Multiple Linux stable commits are cited as the resolution path.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions or custom kernels containing the problematic btsdio change, especially where Bluetooth SDIO support is present. The bundle does not identify distributions, appliances, or cloud services as affected.
Exploitation context
The CVE is not marked as KEV, and the supplied sources do not report exploitation, public exploit code, or attack prerequisites. Treat exploitability as unclear until vendor advisories or kernel maintainers provide more detail.
Researcher notes
Key uncertainty is exploitability. The record describes a regression-style kernel fix: reverting a patch that introduced a possible null-pointer issue while relying on a separate race-condition fix. Validate branch-specific status carefully because the source bundle lists mixed commit hashes and kernel releases.
Mitigation direction
Apply vendor or distribution kernel updates that include the referenced stable Linux fixes.
Prioritize systems using Bluetooth SDIO hardware or custom kernels carrying the reverted commit.
If no vendor patch is available, track Linux stable guidance before backporting.
Treat workaround decisions as environment-specific because sources do not name a mitigation.
Validation and detection
Inventory Linux kernel versions and compare them with the CVE-listed affected releases.
Check whether Bluetooth SDIO btsdio support is present and used on relevant systems.
Verify distribution advisories or kernel changelogs include a referenced stable fix commit.
Confirm updated kernels boot successfully and Bluetooth behavior remains acceptable.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-54197 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
10Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 30, 2025, 12:09 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.