PT-2023-2351 · Linux+10 · Linux Kernel+10

Ruihan Li

·

Published

2023-04-16

·

Updated

2025-11-11

·

CVE-2023-2002

CVSS v3.1

6.8

Medium

VectorAV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A vulnerability was found in the HCI sockets implementation due to a missing capability check in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication. The issue is related to insufficient permission checks when handling ioctl system calls of HCI sockets, enabling tasks without the proper CAP NET ADMIN capability to mark HCI sockets as trusted. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands. If successfully exploited, the vulnerability can be used to pair the controller with malicious devices, even if the Bluetooth service is disabled or not installed.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-250CWE-20

Related Identifiers

ALSA-2023:3708
ALSA-2023:3723
ALSA-2023:5244
ALSA-2023_5244
ALSA-2024_10939
ALSA-2024_10943
ALSA-2024_10944
ALSA-2024_1607
ALSA-2024_2394
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_20518
ALT-PU-2023-1944
ALT-PU-2023-4401
ALT-PU-2023-4482
ALT-PU-2023-4663
ALT-PU-2024-14046
ALT-PU-2024-6818
AZL-27078
BDU:2023-02118
CESA-2023_5244
CESA-2023_5255
CVE-2023-2002
DLA-3508-1
DLA-3623-1
DSA-5480-1
ELSA-2023-3723
ELSA-2023-5244
ELSA-2024-2004
MGASA-2023-0166
MGASA-2023-0173
OESA-2023-1284
OPENSUSE-SU-2023_2646-1
OPENSUSE-SU-2023_2859-1
OPENSUSE-SU-2023_2871-1
OPENSUSE-SU-2023_3055-1
OPENSUSE-SU-2023_3063-1
OPENSUSE-SU-2023_3079-1
OPENSUSE-SU-2023_3116-1
OPENSUSE-SU-2023_3153-1
RHSA-2023:3708
RHSA-2023:3723
RHSA-2023:4137
RHSA-2023:4138
RHSA-2023:4789
RHSA-2023:4961
RHSA-2023:4962
RHSA-2023:5244
RHSA-2023:5255
RHSA-2023_3708
RHSA-2023_3723
RHSA-2023_5244
RHSA-2023_5255
RHSA-2024:1746
RHSA-2024:2003
RHSA-2024:2004
RHSA-2024:4098
RHSA-2024_2003
RHSA-2024_2004
RLSA-2023:5244
RLSA-2023_5244
RXSA-2023:5244
SUSE-SU-2023:2500-1
SUSE-SU-2023:2646-1
SUSE-SU-2023:2653-1
SUSE-SU-2023:2782-1
SUSE-SU-2023:2804-1
SUSE-SU-2023:2808-1
SUSE-SU-2023:2809-1
SUSE-SU-2023:2810-1
SUSE-SU-2023:2822-1
SUSE-SU-2023:2830-1
SUSE-SU-2023:2834-1
SUSE-SU-2023:2859-1
SUSE-SU-2023:2871-1
SUSE-SU-2023:3035-1
SUSE-SU-2023:3036-1
SUSE-SU-2023:3046-1
SUSE-SU-2023:3055-1
SUSE-SU-2023:3063-1
SUSE-SU-2023:3069-1
SUSE-SU-2023:3073-1
SUSE-SU-2023:3075-1
SUSE-SU-2023:3076-1
SUSE-SU-2023:3079-1
SUSE-SU-2023:3081-1
SUSE-SU-2023:3083-1
SUSE-SU-2023:3104-1
SUSE-SU-2023:3107-1
SUSE-SU-2023:3111-1
SUSE-SU-2023:3116-1
SUSE-SU-2023:3153-1
SUSE-SU-2023_2804-1
SUSE-SU-2023_2808-1
SUSE-SU-2023_2810-1
SUSE-SU-2023_2822-1
SUSE-SU-2023_2830-1
SUSE-SU-2023_2834-1
SUSE-SU-2023_2859-1
USN-6173-1
USN-6283-1
USN-6300-1
USN-6311-1
USN-6332-1
USN-6340-1
USN-6340-2
USN-6347-1
USN-6349-1
USN-6357-1
USN-6385-1
USN-6397-1
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu