{"id":"CVE-2023-53297","summary":"Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp\n\nconn-\u003echan_lock isn't acquired before l2cap_get_chan_by_scid,\nif l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance'\nis triggered.","modified":"2026-04-11T12:46:44.772285Z","published":"2025-09-16T08:11:29.283Z","related":["ALSA-2025:19102","ALSA-2025:19103","SUSE-SU-2025:03615-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53297.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/116b9c002c894097adc2b8684db2d1da4229ed46"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2112c4c47d36bc5aba3ddeb9afedce6ae6a67e7d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/25e97f7b1866e6b8503be349eeea44bb52d661ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5134556c9be582793f30695c09d18a26fe1ff2d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/55410a9144c76ecda126e6cdec556dfcd8f343b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5f352a56f0e607e6ff539cbf12156bfd8af232be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a27762340ad08643de3bc17fe1646ea489ca2e2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd269a0435f8e9943b7a57c5a59688848d42d449"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53297.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53297"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f2d38e77aa5f3effc143e7dd24da8acf02925958"},{"fixed":"5f352a56f0e607e6ff539cbf12156bfd8af232be"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1351551aa9058e07a20a27a158270cf84fcde621"},{"fixed":"6a27762340ad08643de3bc17fe1646ea489ca2e2"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c02421992505c95c7f3c9ad59ee35e22eac60988"},{"fixed":"2112c4c47d36bc5aba3ddeb9afedce6ae6a67e7d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d9ba36c22a7bb09d6bac4cc2f243eff05da53f43"},{"fixed":"55410a9144c76ecda126e6cdec556dfcd8f343b2"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ac6725a634f7e8c0330610a8527f20c730b61115"},{"fixed":"116b9c002c894097adc2b8684db2d1da4229ed46"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"348d446762e7c70778df8bafbdf3fa0df2123f58"},{"fixed":"fd269a0435f8e9943b7a57c5a59688848d42d449"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a2a9339e1c9deb7e1e079e12e27a0265aea8421a"},{"fixed":"5134556c9be582793f30695c09d18a26fe1ff2d7"},{"fixed":"25e97f7b1866e6b8503be349eeea44bb52d661ce"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"d82a439c3cfdb28aa7e82e2e849c5c4dd9fca284"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53297.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.316"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.284"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.244"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.181"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.113"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.3.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53297.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}