Lucene search

ZephyrCVELIST:CVE-2023-1902

HistoryJul 10, 2023 - 4:30 a.m.

CVE-2023-1902 HCI Connection Creation Dangling State Reference Re-use

2023-07-1004:30:14

zephyr

www.cve.org

cve-2023-1902

hci

dangling state reference

bluetooth

dos

rce

host layer

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx9g-8fr2-q899

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-1902