Vulnerability Description
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 6.2 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1210780
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c336
- https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g%
- https://security.netapp.com/advisory/ntap-20230929-0003/
- https://bugzilla.suse.com/show_bug.cgi?id=1210780
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9c336
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g%
- https://security.netapp.com/advisory/ntap-20230929-0003/
FAQ
What is CVE-2023-31083?
CVE-2023-31083 is a vulnerability with a CVSS score of 4.7 (MEDIUM). An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is se...
How severe is CVE-2023-31083?
CVE-2023-31083 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31083?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.