CVE-2023-1989

Published on: Not Yet Published

Last Modified on: 09/10/2023 12:15:00 PM UTC

CVE-2023-1989

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

CVE-2023-1989 has been assigned by seca[email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	HIGH	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
[SECURITY] [DLA 3404-1] linux-5.10 security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
CVE-2023-1989 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20230601-0004/
kernel/git/bluetooth/bluetooth-next.git - Bluetooth kernel development tree	Mailing List Patch Vendor Advisory git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
[SECURITY] [DLA 3403-1] linux security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
Debian -- Security Information -- DSA-5492-1 linux	www.debian.org Depreciated Link text/html	DEBIAN DSA-5492

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

181765 Debian Security Update for linux-5.10 (DLA 3404-1)
181768 Debian Security Update for linux (DLA 3403-1)
184411 Debian Security Update for linux (CVE-2023-1989)
199298 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6033-1)
199422 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6175-1)
199437 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6186-1)
378701 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0030)
378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
753980 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2151-1)
753981 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2146-1)
753982 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2148-1)
753985 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2162-1)
754005 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2163-1)
754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
906816 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26175-1)
906872 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26168-1)
907086 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26983-1)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	6.3	rc1	All	All
Operating System	Linux	Linux Kernel	6.3	rc2	All	All
Operating System	Linux	Linux Kernel	6.3	rc3	All	All
Hardware	Netapp	Baseboard Management Controller H300s	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410c	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410s	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500s	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700s	-	All	All	All

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:*:
cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2023-1989 : A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the #Linux Kernel… twitter.com/i/web/status/1…	2023-04-11 21:08:45