CVE-2023-53016

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
27/03/2025
Last modified:
01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix possible deadlock in rfcomm_sk_state_change

syzbot reports a possible deadlock in rfcomm_sk_state_change [1].
While rfcomm_sock_connect acquires the sk lock and waits for
the rfcomm lock, rfcomm_sock_release could have the rfcomm
lock and hit a deadlock for acquiring the sk lock.
Here's a simplified flow:

rfcomm_sock_connect:
  lock_sock(sk)
  rfcomm_dlc_open:
    rfcomm_lock()

rfcomm_sock_release:
  rfcomm_sock_shutdown:
    rfcomm_lock()
    __rfcomm_dlc_close:
      rfcomm_sk_state_change:
        lock_sock(sk)

This patch drops the sk lock before calling rfcomm_dlc_open to
avoid the possible deadlock and holds sk's reference count to
prevent use-after-free after rfcomm_dlc_open completes.
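As an added illustration (not part of the advisory or of the kernel patch), the following minimal lockdep-style lock-order checker in C replays the two call paths from the description as acquire/release event strings and flags the ABBA inversion between the sk lock and the rfcomm lock; a second run models the post-fix connect path, which drops the sk lock before rfcomm_dlc_open and retakes it afterwards. The event encoding, the path strings and the function names unpatched_deadlocks/patched_deadlocks are constructed for this example; the sk reference count the fix adds is not modelled.

```c
#include <stdbool.h>
enum { SK_LOCK, RFCOMM_LOCK, NLOCKS };

/* after[a][b] is set when some path acquired lock b while already holding lock a. */
struct lock_graph { bool after[NLOCKS][NLOCKS]; };

/* Replay one code path. Events come in pairs: "+s" lock_sock(sk), "-s" release_sock(sk),
 * "+r" rfcomm_lock(), "-r" rfcomm_unlock(). Returns false on a malformed string. */
static bool replay_path(struct lock_graph *g, const char *events)
{
    bool held[NLOCKS] = { false };
    for (; events[0] && events[1]; events += 2) {
        int l = events[1] == 's' ? SK_LOCK : RFCOMM_LOCK;
        if (events[0] == '-') { held[l] = false; continue; }
        if (events[0] != '+') return false;
        for (int h = 0; h < NLOCKS; h++)
            if (held[h]) g->after[h][l] = true; /* ordering h -> l observed */
        held[l] = true;
    }
    return true;
}

/* ABBA inversion: two paths take the same pair of locks in opposite orders. */
static bool has_inversion(const struct lock_graph *g)
{
    for (int a = 0; a < NLOCKS; a++)
        for (int b = a + 1; b < NLOCKS; b++)
            if (g->after[a][b] && g->after[b][a]) return true;
    return false;
}

/* The two paths from the commit message before the fix: expected true. */
bool unpatched_deadlocks(void)
{
    struct lock_graph g = { 0 };
    replay_path(&g, "+s+r-r-s"); /* rfcomm_sock_connect: sk lock, then rfcomm_lock in rfcomm_dlc_open */
    replay_path(&g, "+r+s-s-r"); /* rfcomm_sock_release: rfcomm_lock, then sk lock in rfcomm_sk_state_change */
    return has_inversion(&g);
}

/* Post-fix connect path (assumed shape): release sk before rfcomm_dlc_open and retake it
 * afterwards; the sk refcount that keeps sk alive meanwhile is not modelled. Expected false. */
bool patched_deadlocks(void)
{
    struct lock_graph g = { 0 };
    replay_path(&g, "+s-s+r-r+s-s");
    replay_path(&g, "+r+s-s-r");
    return has_inversion(&g);
}
```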

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15 (including) 5.15.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*