PT-2023-2069 · Linux+6 · Linux Kernel+6
Zhenghan Wang
·
Published
2023-03-09
·
Updated
2024-12-19
·
CVE-2023-28464
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 6.2.9
Description
The issue is related to a use-after-free vulnerability in the
hci conn cleanup function in the net/bluetooth/hci conn.c module of the Linux kernel. This vulnerability is observed in the hci conn hash flush function and is caused by calls to hci dev put and hci conn put, leading to a double free. This may allow an attacker to escalate their privileges.Recommendations
For Linux kernel versions through 6.2.9, update to a version that contains a fix for this issue to prevent potential privilege escalation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse