CVE-2023-53520

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: Fix hci_suspend_sync crash<br /> <br /> If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier<br /> may still be accessing it, it can cause the program to crash.<br /> Here&amp;#39;s the call trace:<br /> [102152.653246] Call Trace:<br /> [102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth]<br /> [102152.653259] hci_suspend_dev+0x78/0xcd [bluetooth]<br /> [102152.653263] hci_suspend_notifier+0x42/0x7a [bluetooth]<br /> [102152.653268] notifier_call_chain+0x43/0x6b<br /> [102152.653271] __blocking_notifier_call_chain+0x48/0x69<br /> [102152.653273] __pm_notifier_call_chain+0x22/0x39<br /> [102152.653276] pm_suspend+0x287/0x57c<br /> [102152.653278] state_store+0xae/0xe5<br /> [102152.653281] kernfs_fop_write+0x109/0x173<br /> [102152.653284] __vfs_write+0x16f/0x1a2<br /> [102152.653287] ? selinux_file_permission+0xca/0x16f<br /> [102152.653289] ? security_file_permission+0x36/0x109<br /> [102152.653291] vfs_write+0x114/0x21d<br /> [102152.653293] __x64_sys_write+0x7b/0xdb<br /> [102152.653296] do_syscall_64+0x59/0x194<br /> [102152.653299] entry_SYSCALL_64_after_hwframe+0x5c/0xc1<br /> <br /> This patch holds the reference count of the hci_dev object while<br /> processing it in hci_suspend_notifier to avoid potential crash<br /> caused by the race condition.