CVE-2023-28464

moderate-risk

Published 2023-03-31

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (14)

Linux Kernel

H300S Firmware

H410C Firmware

H410S Firmware

H500S Firmware

H700S Firmware

Affected Vendors

Linux Netapp

References (8)

Mailing List https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/

Third Party Advisory https://security.netapp.com/advisory/ntap-20230517-0004/

Mailing List https://www.openwall.com/lists/oss-security/2023/03/28/2

Mailing List https://www.openwall.com/lists/oss-security/2023/03/28/3

Mailing List https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/

Third Party Advisory https://security.netapp.com/advisory/ntap-20230517-0004/

Mailing List https://www.openwall.com/lists/oss-security/2023/03/28/2

Mailing List https://www.openwall.com/lists/oss-security/2023/03/28/3

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 18/34 · Moderate