CVE-2023-54210
Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
30/12/2025
Last modified:
30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()

KASAN reports that there's a use-after-free in
hci_remove_adv_monitor(). Trawling through the disassembly, you can
see that the complaint is from the access in bt_dev_dbg() under the
HCI_ADV_MONITOR_EXT_MSFT case. The problem case happens because
msft_remove_monitor() can end up freeing the monitor
structure. Specifically:

  hci_remove_adv_monitor() ->
  msft_remove_monitor() ->
  msft_remove_monitor_sync() ->
  msft_le_cancel_monitor_advertisement_cb() ->
  hci_free_adv_monitor()

Let's fix the problem by just stashing the relevant data when it's
still valid.
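
The pattern described above, as an added example (a user-space model, not the kernel source or the actual patch): a static pool and a poison byte stand in for the allocator, so the stale read is observable without undefined behaviour. The `handle` field, the `0x6b` poison value and all function names are assumptions made for illustration.

```c
/* User-space model of "log a field after the callee freed the object". */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0x6b /* constructed marker written over released objects */

struct adv_monitor {
    uint16_t handle; /* assumed field read by the debug statement */
};

/* Static pool: a "freed" object stays addressable, so the demo is defined C. */
static struct adv_monitor pool[1];

static struct adv_monitor *monitor_alloc(uint16_t handle) {
    pool[0].handle = handle;
    return &pool[0];
}

/* Stand-in for hci_free_adv_monitor(): poison instead of calling free(). */
static void monitor_free(struct adv_monitor *m) {
    memset(m, POISON, sizeof(*m));
}

/* Stand-in for the msft_remove_monitor() chain, which can free the monitor. */
static int remove_monitor_backend(struct adv_monitor *m) {
    monitor_free(m);
    return 0;
}

/* Before: the debug value is read after the callee released the object. */
static uint16_t remove_logged_handle_buggy(struct adv_monitor *m) {
    int status = remove_monitor_backend(m);
    uint16_t logged = m->handle; /* stale read of released memory */
    printf("buggy: status %d handle 0x%04x\n", status, (unsigned)logged);
    return logged;
}

/* After: stash the field while the object is still valid, then log the copy. */
static uint16_t remove_logged_handle_fixed(struct adv_monitor *m) {
    uint16_t handle = m->handle;
    int status = remove_monitor_backend(m);
    printf("fixed: status %d handle 0x%04x\n", status, (unsigned)handle);
    return handle;
}

int main(void) {
    remove_logged_handle_buggy(monitor_alloc(0x0001));
    remove_logged_handle_fixed(monitor_alloc(0x0001));
    return 0;
}
```

In the real kernel the released memory is handed back to the allocator, so the stale read is what KASAN flags rather than a predictable poison value.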



