CVE-2023-28464

HIGH7.8

hci_conn_cleanup in net/bluetooth/hci_conn

Published Mar 31, 2023

Modified 1 years ago

Details

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

References

WEB

https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/

WEB

https://security.netapp.com/advisory/ntap-20230517-0004/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-28464

WEB

https://www.openwall.com/lists/oss-security/2023/03/28/2

WEB

https://www.openwall.com/lists/oss-security/2023/03/28/3

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMar 31, 2023

ModifiedAug 2, 2024