
CVE-2023-52833: Vulnerability in the Linux kernel

Medium
Published: Tue May 21 2024 (05/21/2024, 15:31:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: Add date->evt_skb is NULL check

fix crash because of null pointers

[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8
[ 6104.969667] #PF: supervisor read access in kernel mode
[ 6104.969668] #PF: error_code(0x0000) - not-present page
[ 6104.969670] PGD 0 P4D 0
[ 6104.969673] Oops: 0000 [#1] SMP NOPTI
[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]
[ 6104.969688] RSP: 0018:ffffb8d681533d48 EFLAGS: 00010246
[ 6104.969689] RAX: 0000000000000000 RBX: ffff8ad560bb2000 RCX: 0000000000000006
[ 6104.969691] RDX: 0000000000000000 RSI: ffffb8d681533d08 RDI: 0000000000000000
[ 6104.969692] RBP: ffffb8d681533d70 R08: 0000000000000001 R09: 0000000000000001
[ 6104.969694] R10: 0000000000000001 R11: 00000000fa83b2da R12: ffff8ad461d1d7c0
[ 6104.969695] R13: 0000000000000000 R14: ffff8ad459618c18 R15: ffffb8d681533d90
[ 6104.969697] FS: 00007f5a1cab9d40(0000) GS:ffff8ad578200000(0000) knlGS:00000
[ 6104.969699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6104.969700] CR2: 00000000000000c8 CR3: 000000018620c001 CR4: 0000000000760ef0
[ 6104.969701] PKRU: 55555554
[ 6104.969702] Call Trace:
[ 6104.969708] btusb_mtk_shutdown+0x44/0x80 [btusb]
[ 6104.969732] hci_dev_do_close+0x470/0x5c0 [bluetooth]
[ 6104.969748] hci_rfkill_set_block+0x56/0xa0 [bluetooth]
[ 6104.969753] rfkill_set_block+0x92/0x160
[ 6104.969755] rfkill_fop_write+0x136/0x1e0
[ 6104.969759] __vfs_write+0x18/0x40
[ 6104.969761] vfs_write+0xdf/0x1c0
[ 6104.969763] ksys_write+0xb1/0xe0
[ 6104.969765] __x64_sys_write+0x1a/0x20
[ 6104.969769] do_syscall_64+0x51/0x180
[ 6104.969771] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 6104.969773] RIP: 0033:0x7f5a21f18fef
[ 6104.9] RSP: 002b:00007ffeefe39010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 6104.969780] RAX: ffffffffffffffda RBX: 000055c10a7560a0 RCX: 00007f5a21f18fef
[ 6104.969781] RDX: 0000000000000008 RSI: 00007ffeefe39060 RDI: 0000000000000012
[ 6104.969782] RBP: 00007ffeefe39060 R08: 0000000000000000 R09: 0000000000000017
[ 6104.969784] R10: 00007ffeefe38d97 R11: 0000000000000293 R12: 0000000000000002
[ 6104.969785] R13: 00007ffeefe39220 R14: 00007ffeefe391a0 R15: 000055c10a72acf0

AI-Powered Analysis

Last updated: 07/01/2025, 07:27:51 UTC

Technical Analysis

CVE-2023-52833 is a vulnerability in the Linux kernel's Bluetooth USB driver (btusb), in the code that handles MediaTek (mtk) Bluetooth controllers. The flaw is a missing NULL check on the 'date->evt_skb' pointer (the commit title's spelling of the driver's data->evt_skb event buffer) in the function 'btusb_mtk_hci_wmt_sync'. Dereferencing that pointer while it is NULL crashes the kernel (a kernel oops), which amounts to a denial of service (DoS). The kernel log in the description shows the crash in detail: the faulting instruction lies in btusb_mtk_hci_wmt_sync, the fault address is 0xc8 (a small offset, i.e. a struct field read through a NULL pointer), and the call trace shows the function being reached from btusb_mtk_shutdown during hci_dev_do_close, itself triggered by an rfkill block request written through rfkill_fop_write. In other words, the driver used the event socket buffer pointer without first verifying that it was valid. This bug affects the Linux kernel versions listed in the CVE record and has been resolved by adding the missing NULL check. There is no indication that the vulnerability allows privilege escalation or arbitrary code execution; the primary impact is a kernel crash. No exploits are currently reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of CVE-2023-52833 is primarily service disruption from kernel crashes on Linux systems whose Bluetooth hardware is driven by the affected btusb code, in particular systems with MediaTek chipsets. This covers laptops, embedded devices, IoT devices, and servers that depend on Bluetooth connectivity. A kernel crash can cause system downtime, loss of unsaved data, and interruption of critical services; where Bluetooth is used for device management, access control, or communication, the vulnerability degrades operational reliability. Because exploitation requires reaching the Bluetooth driver code path and results in a denial of service rather than code execution, confidentiality and integrity of data are unlikely to be compromised directly. The absence of known exploits and the need for local access or Bluetooth interaction reduce the immediacy of the risk but do not eliminate it, especially in environments with heavy Bluetooth usage or where attackers can induce Bluetooth events remotely or locally.

Mitigation Recommendations

European organizations should apply the Linux kernel patches that include the NULL pointer check fix for the btusb driver as soon as their Linux distribution vendors ship them; updating to the latest stable kernel versions that incorporate the fix is the primary remedy. Where immediate patching is not feasible, disabling Bluetooth functionality that is not essential reduces the attack surface. Monitoring kernel logs for NULL pointer dereference oopses whose call trace passes through the btusb or bluetooth modules can reveal attempted exploitation or instability. Network segmentation and access controls that limit untrusted users' ability to interact with Bluetooth interfaces (the crash in the description was reached through an rfkill write, a local operation) further reduce risk. For embedded and IoT devices, coordinate with the device manufacturers to obtain firmware or kernel updates. Finally, robust backup and recovery procedures minimize the operational impact of system crashes.
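The kernel-log monitoring recommended above, as an added example that is not part of this advisory or of the kernel project: a small Python detector that picks NULL-pointer oopses out of dmesg/journal text and flags those whose faulting symbol or call trace lies in btusb/bluetooth, recording the sub-page fault address and whether the rfkill write path seen in this CVE's trace was involved. The sample lines are copied from the oops in the description; the function names, regexes and the 0x1000 threshold are this example's own choices.

```python
import re

# Constructed dmesg excerpt for this example, reusing lines from the CVE-2023-52833 oops.
SAMPLE_DMESG = """\
[ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8
[ 6104.969684] RIP: 0010:btusb_mtk_hci_wmt_sync+0x144/0x220 [btusb]
[ 6104.969702] Call Trace:
[ 6104.969708]  btusb_mtk_shutdown+0x44/0x80 [btusb]
[ 6104.969732]  hci_dev_do_close+0x470/0x5c0 [bluetooth]
[ 6104.969748]  hci_rfkill_set_block+0x56/0xa0 [bluetooth]
[ 6104.969755]  rfkill_fop_write+0x136/0x1e0
[ 6104.969771]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 6104.969773] RIP: 0033:0x7f5a21f18fef
"""

OOPS_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
# CS 0010 is kernel mode; the user-space RIP line (0033:0x...) has no symbol and is skipped.
RIP_RE = re.compile(r"RIP: 0010:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
FRAME_RE = re.compile(r"^\[\s*[\d.]+\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?\s*$")
BT_MODULES = {"btusb", "bluetooth"}

def parse_oops(log_text):
    # Split dmesg/journal text into oops records: fault address, faulting symbol, frames.
    records, cur, in_trace = [], None, False
    for line in log_text.splitlines():
        if m := OOPS_RE.search(line):  # a new oops begins here
            cur = {"address": int(m.group(1), 16), "rip": None, "module": None, "frames": []}
            records.append(cur)
            in_trace = False
        elif cur is None:
            continue  # noise before the first oops
        elif m := RIP_RE.search(line):
            cur["rip"], cur["module"] = m.group(1), m.group(2)
        elif "Call Trace:" in line:
            in_trace = True
        elif in_trace and (f := FRAME_RE.match(line)):
            cur["frames"].append((f.group(1), f.group(2)))
        else:
            in_trace = False  # first non-frame line ends the trace
    return records

def bluetooth_oops_alerts(log_text):
    # Keep only oopses whose faulting symbol or call trace lies in btusb/bluetooth.
    alerts = []
    for rec in parse_oops(log_text):
        modules = {rec["module"]} | {mod for _, mod in rec["frames"]}
        if modules & BT_MODULES:
            alerts.append({"function": rec["rip"],
                           # offset below one page: a field read through a NULL struct pointer (0xc8 here)
                           "null_field_offset": rec["address"] if rec["address"] < 0x1000 else None,
                           "via_rfkill": any(fn.startswith("rfkill_") for fn, _ in rec["frames"])})
    return alerts
```

Feed it `dmesg` or `journalctl -k` output; an alert with `function` set to btusb_mtk_hci_wmt_sync and `via_rfkill` true matches this CVE's signature, while oopses in other modules are dropped.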


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-21T15:19:24.252Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9830c4522896dcbe76ba

Added to database: 5/21/2025, 9:09:04 AM

Last enriched: 7/1/2025, 7:27:51 AM

Last updated: 8/12/2025, 12:53:20 AM

