Vulnerability Description
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 6.1.25 |
| Netapp | H300S Firmware | - |
| Netapp | H410C Firmware | - |
| Netapp | H410S Firmware | - |
| Netapp | H500S Firmware | - |
| Netapp | H700S Firmware | - |
Related Weaknesses (CWE)
References
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/Mailing ListPatch
- https://security.netapp.com/advisory/ntap-20230517-0004/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2023/03/28/2Mailing ListPatch
- https://www.openwall.com/lists/oss-security/2023/03/28/3Mailing List
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/Mailing ListPatch
- https://security.netapp.com/advisory/ntap-20230517-0004/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2023/03/28/2Mailing ListPatch
- https://www.openwall.com/lists/oss-security/2023/03/28/3Mailing List
FAQ
What is CVE-2023-28464?
CVE-2023-28464 is a vulnerability with a CVSS score of 7.8 (HIGH). hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a doubl...
How severe is CVE-2023-28464?
CVE-2023-28464 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28464?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp H300S Firmware, Netapp H410C Firmware, Netapp H410S Firmware, Netapp H500S Firmware.