Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2023-28464
HistoryMar 31, 2023 - 12:00 a.m.

CVE-2023-28464

2023-03-3100:00:00
ubuntu.com
ubuntu.com
16

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through
6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of
calls to hci_dev_put and hci_conn_put. There is a double free that may lead
to privilege escalation.

Bugs

Notes

Author Note
sbeattie both the introducing commit 0f00cd322d22 (“Bluetooth: Free potentially unfreed SCO connection”) and the fixing commit 5dc7d23e167e (“Bluetooth: hci_conn: Fix possible UAF”) were pulled into the upstream stable v6.2.12 kernel, so 6.2.y kernel users were never affected by this issue. Upstream commit a85fb91e3d72 (“Bluetooth: Fix double free in hci_conn_cleanup”) (6.7-rc1) also claims to fix this CVE, not clear if this is a typo or was a followup fix, because the original was incomplete.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux-raspi-5.4< anyUNKNOWN

Related

prion 1
cbl_mariner 2
cve 1
redhatcve 1
debiancve 1
nessus 34
photon 1
openvas 4
prion
prion
Double free
2023-03-31 16:15:00
cbl_mariner
cbl_mariner
CVE-2023-28464 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
CVE-2023-28464 affecting package kernel 5.15.118.1-1
2023-08-10 16:37:57
cve
cve
CVE-2023-28464
2023-03-31 16:15:07
redhatcve
redhatcve
CVE-2023-28464
2023-03-31 15:19:47
debiancve
debiancve
CVE-2023-28464
2023-03-31 16:15:07
nessus
nessus
SUSE SLES12 Security Update : kernel (Live Patch 27 for SLE 12 SP4) (SUSE-SU-2023:2422)
2023-06-08 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 39 for SLE 12 SP5) (SUSE-SU-2023:2415)
2023-06-08 00:00:00
SUSE SLES12 Security Update : kernel (Live Patch 30 for SLE 12 SP4) (SUSE-SU-2023:2420)
2023-06-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0090
2023-09-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1801-1)
2023-04-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2805-1)
2023-07-12 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:2646-1)
2024-03-04 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for UB:CVE-2023-28464
prion1cbl_mariner2cve1redhatcve1debiancve1nessus34photon1openvas4