CVE-2023-53252

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's Bluetooth subsystem that allows local attackers to cause memory corruption, potentially leading to system crashes or arbitrary code execution. It affects Linux systems with Bluetooth enabled, particularly when using BlueZ or performing Bluetooth Low Energy operations. The vulnerability occurs when lists of pending Bluetooth connections are modified while being iterated without proper synchronization.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Bluetooth subsystem to be enabled and active. More likely to be triggered when using Bluetooth Low Energy features or during connection/disconnection operations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level code execution, complete system compromise, or persistent denial of service.

🟠 Likely Case: System crash (kernel panic) or instability when Bluetooth operations are performed, potentially requiring a system reboot.

🟢 If Mitigated: Limited to denial of service in controlled environments with restricted Bluetooth access and proper kernel hardening.

🌐 Internet-Facing: LOW - Requires local access or Bluetooth proximity; not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Local attackers or malicious Bluetooth devices in proximity could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or Bluetooth proximity. Triggering requires specific Bluetooth operations that cause list modifications during iteration. The KASAN report shows it can be triggered by BlueZ mgmt-tester or iso-tester cases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 13ad45ad14df992a6754a130a19abc8c142d54e2, 195ef75e19287b4bc413da3e3e3722b030ac881e, cef88a0fd8e9c2e838162fbb742b3e713b811a7e

Vendor Advisory: https://git.kernel.org/stable/c/13ad45ad14df992a6754a130a19abc8c142d54e2

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel package.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Completely disable Bluetooth subsystem to prevent exploitation

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
# unloading fails while dependent modules (e.g. rfcomm, bnep, hidp) are still loaded; check lsmod first
sudo modprobe -r btusb bluetooth

Restrict Bluetooth access

linux

Limit Bluetooth operations to trusted users only

sudo chmod 600 /var/run/bluetooth/*
sudo setfacl -m u:trusted_user:rw /var/run/bluetooth/*

🧯 If You Can't Patch

  • Disable Bluetooth functionality entirely if not required
  • Implement strict access controls to limit who can perform Bluetooth operations

🔍 How to Verify

Check if Vulnerable:

Check the running kernel version and whether Bluetooth is active: 'uname -r' and 'systemctl status bluetooth'

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel version ('uname -r') is one that your distribution's security advisories list as containing the fix commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports in dmesg
  • Bluetooth subsystem crashes in system logs

Network Indicators:

  • Unusual Bluetooth connection patterns
  • Multiple failed Bluetooth connection attempts

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "slab-use-after-free") AND "bluetooth"
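The same indicator logic applied locally, as an added example that is not part of this advisory: it scans dmesg-style output for KASAN use-after-free reports whose faulting symbol or following call trace belongs to the bluetooth module, ignoring KASAN reports from elsewhere in the kernel. The sample log, symbol names, addresses and PIDs are constructed placeholders, not a real report.

```python
import re

# Constructed sample dmesg excerpt for illustration; symbol names, addresses and
# PIDs are placeholders, not taken from a real KASAN report.
SAMPLE_DMESG = """\
[  120.123456] Bluetooth: Core ver 2.22
[  301.000001] BUG: KASAN: slab-use-after-free in example_le_conn_fn+0x1a/0x40 [bluetooth]
[  301.000002] Read of size 8 at addr ffff888012345678 by task mgmt-tester/1234
[  301.000003] Call Trace:
[  301.000004]  example_le_conn_fn+0x1a/0x40 [bluetooth]
[  450.000000] usb 1-1: new full-speed USB device number 3
[  600.000000] BUG: KASAN: use-after-free in example_other_fn+0x10/0x20
[  600.000001] Read of size 4 at addr ffff888099999999 by task cat/42
"""

# First line of a KASAN report: bug class, faulting symbol and, for module code, "[module]".
KASAN_RE = re.compile(
    r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<symbol>[^\s\[]+)(?:\s+\[(?P<module>\w+)\])?"
)
TASK_RE = re.compile(r"by task (?P<task>\S+)/(?P<pid>\d+)")


def find_bluetooth_kasan(text, window=8):
    """Return KASAN reports whose faulting symbol or following trace is in [bluetooth].

    Only lines up to the next "BUG: KASAN" header (at most `window` lines) are
    treated as belonging to the current report.
    """
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        m = KASAN_RE.search(line)
        if not m:
            continue
        ctx = []
        for nxt in lines[i + 1 : i + 1 + window]:
            if "BUG: KASAN" in nxt:
                break
            ctx.append(nxt)
        if m.group("module") != "bluetooth" and not any("[bluetooth]" in c for c in ctx):
            continue  # a use-after-free elsewhere in the kernel, not this subsystem
        task = None
        for c in ctx:
            t = TASK_RE.search(c)
            if t:
                task = t.group("task")
                break
        hits.append({"kind": m.group("kind"), "symbol": m.group("symbol"), "task": task})
    return hits


if __name__ == "__main__":
    for h in find_bluetooth_kasan(SAMPLE_DMESG):
        print(f"{h['kind']} in {h['symbol']} (task {h['task']})")
```

Feed it `dmesg` or `journalctl -k` output to triage a suspected crash; the "task" field is what ties a report back to the process (e.g. BlueZ's testers) that drove the Bluetooth operation.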
