PT-2023-2069 · Linux+6 · Linux Kernel+6
Zhenghan Wang
·
Publicado
2023-03-09
·
Atualizado
2024-12-19
·
CVE-2023-28464
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 6.2.9
Description
The issue is related to a use-after-free vulnerability in the
hci conn cleanup function in the net/bluetooth/hci conn.c module of the Linux kernel. This vulnerability is observed in the hci conn hash flush function and is caused by calls to hci dev put and hci conn put, leading to a double free. This may allow an attacker to escalate their privileges.Recommendations
For Linux kernel versions through 6.2.9, update to a version that contains a fix for this issue to prevent potential privilege escalation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Double Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse