Vulnerability of the hci_init_stage_sync() function (net/bluetooth/hci_sync.c) in the Linux operating system, which allows a attacker to disclose protected information

🗓️ 02 Apr 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Linux Bluetooth hci_init_stage_sync vulnerability reads beyond buffers, risking disclosure of protected information.

Reporter	Title	Published	Views	Family All 262
AlmaLinux	Important: kernel security, bug fix, and enhancement update	30 Apr 202400:00	–	almalinux
CBLMariner	CVE-2023-28866 affecting package kernel 5.10.185.1-1	15 Aug 202316:37	–	cbl_mariner
CBLMariner	CVE-2023-28866 affecting package kernel for versions less than 5.15.122.1-2	10 Aug 202316:37	–	cbl_mariner
CNNVD	Linux kernel 缓冲区错误漏洞	26 Mar 202300:00	–	cnnvd
CVE	CVE-2023-28866	27 Mar 202300:00	–	cve
Cvelist	CVE-2023-28866	27 Mar 202300:00	–	cvelist
Debian CVE	CVE-2023-28866	27 Mar 202300:00	–	debiancve
Oracle linux	kernel security, bug fix, and enhancement update	2 May 202400:00	–	oraclelinux
EUVD	EUVD-2023-32487	3 Oct 202520:07	–	euvd
Tenable Nessus	MiracleLinux 9 : kernel-5.14.0-427.13.1.el9_4 (AXSA:2024-8139:13)	20 Jan 202600:00	–	nessus

Source	Link
git	www.git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/
lore	www.lore.kernel.org/lkml/[email protected]/
patchwork	www.patchwork.kernel.org/project/bluetooth/patch/[email protected]/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-28866
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.10/
web	www.web.nvd.nist.gov/view/vuln/detail

03 Apr 2024 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 25

CVSS 35.3

EPSS0.00779

hci_init_stage_sync bluetooth vulnerability buffer overread linux kernel remote disclosure