In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
syzbot reports a possible deadlock in rfcomm_sk_state_change [1].
While rfcomm_sock_connect acquires the sk lock and waits for
the rfcomm lock, rfcomm_sock_release could have the rfcomm
lock and hit a deadlock for acquiring the sk lock.
Here's a simplified flow:
```
rfcomm_sock_connect:
  lock_sock(sk)
  rfcomm_dlc_open:
    rfcomm_lock()

rfcomm_sock_release:
  rfcomm_sock_shutdown:
    rfcomm_lock()
    __rfcomm_dlc_close:
      rfcomm_sk_state_change:
        lock_sock(sk)
```
This patch drops the sk lock before calling rfcomm_dlc_open to
avoid the possible deadlock and holds sk's reference count to
prevent use-after-free after rfcomm_dlc_open completes.
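
The lock ordering described above, modeled in userspace as an added example (not kernel code and not taken from the advisory or the patch): a lockdep-style tracker records which lock was acquired while another was held, for the connect path before and after the fix. All function and variable names are hypothetical stand-ins for the kernel paths named in the description.

```c
#include <stdio.h>
#include <string.h>
/* Userspace model (not kernel code): a lockdep-style record of lock order. */
enum { SK_LOCK, RFCOMM_LOCK, NLOCKS };
static int held[NLOCKS];          /* 1 while the lock is held */
static int order[NLOCKS][NLOCKS]; /* order[a][b]: b was taken while holding a */
static int sk_refcnt = 1;         /* stand-in for the socket reference count */
static void acquire(int l) {
    for (int h = 0; h < NLOCKS; h++)
        if (held[h]) order[h][l] = 1;   /* record the nesting edge h -> l */
    held[l] = 1;
}
static void release(int l) { held[l] = 0; }
/* Stand-in for rfcomm_dlc_open, which takes the rfcomm lock internally. */
static void dlc_open(void) { acquire(RFCOMM_LOCK); release(RFCOMM_LOCK); }

static void sock_connect(int patched) {
    acquire(SK_LOCK);
    if (patched) {
        sk_refcnt++;          /* hold a reference so sk cannot be freed */
        release(SK_LOCK);     /* drop the sk lock before the rfcomm lock */
        dlc_open();
        acquire(SK_LOCK);
        sk_refcnt--;          /* drop the extra reference again */
    } else {
        dlc_open();           /* nests: sk lock -> rfcomm lock */
    }
    release(SK_LOCK);
}

/* Release path: rfcomm lock -> sk lock, via the state-change callback. */
static void sock_release(void) {
    acquire(RFCOMM_LOCK); acquire(SK_LOCK);
    release(SK_LOCK); release(RFCOMM_LOCK);
}

/* Returns 1 if both nesting orders were observed (ABBA inversion), else 0. */
int inversion_after(int patched) {
    memset(order, 0, sizeof order);
    memset(held, 0, sizeof held);
    sock_connect(patched);
    sock_release();
    return order[SK_LOCK][RFCOMM_LOCK] && order[RFCOMM_LOCK][SK_LOCK];
}

int main(void) {
    printf("unpatched=%d patched=%d\n", inversion_after(0), inversion_after(1));
    return 0;
}
```

The model is single-threaded on purpose: like lockdep, it flags the inversion from the recorded ordering alone, without needing the two paths to actually race.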
                
History
                    15 Apr 2025, 19:41
| Type | Values Removed | Values Added | 
|---|---|---|
| CWE | CWE-416 CWE-667 | |
| CVSS | v2 : v3 : | v2 : unknown v3 : 5.5 | 
| CPE | cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* | |
| Summary | | |
| References | https://git.kernel.org/stable/c/17511bd84871f4a6106cb335616e086880313f3f - Patch | |
| References | https://git.kernel.org/stable/c/1d80d57ffcb55488f0ec0b77928d4f82d16b6a90 - Patch | |
| References | https://git.kernel.org/stable/c/98aec50ff7f60cc6f2d6a4396b475c547e58b04d - Patch | |
| First Time | Linux linux Kernel Linux | 
27 Mar 2025, 17:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-03-27 17:15
Updated : 2025-10-01 18:15
NVD link : CVE-2023-53016
Mitre link : CVE-2023-53016
CVE.ORG link : CVE-2023-53016
Products Affected
                linux
- linux_kernel
