CVE-2023-28464

CVE	CVE-2023-28464
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-31 16:15:00 UTC
Updated	2023-12-22 21:04:00 UTC
Description	hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

Problem Types: CWE-415

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	6.1.25	All	All	All
Operating System	Linux	Linux Kernel	6.2.12	All	All	All
Operating System	Linux	Linux Kernel	6.3	-	All	All
Operating System	Linux	Linux Kernel	6.3	rc1	All	All
Operating System	Linux	Linux Kernel	6.3	rc2	All	All
Operating System	Linux	Linux Kernel	6.3	rc3	All	All
Operating System	Linux	Linux Kernel	6.3	rc4	All	All
Operating System	Linux	Linux Kernel	6.3	rc5	All	All
Operating System	Linux	Linux Kernel	6.3	rc6	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Netapp	Baseboard Management Controller H300s Firmware	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410c Firmware	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410s Firmware	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500s Firmware	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700s Firmware	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All

Reference	Source	Link	Tags
oss-security - Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free	MISC	www.openwall.com
CVE-2023-28464 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[PATCH] Bluetooth: Fix double free in hci_conn_cleanup - ZhengHan Wang	MISC	lore.kernel.org
oss-security - CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free	MISC	www.openwall.com
[PATCH] Bluetooth: Fix double free in hci_conn_cleanup - ZhengHan Wang		lore.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

379614 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2024:0017)
753901 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1803-1)
753902 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1800-1)
753903 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1801-1)
753905 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1811-1)
753914 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1848-1)
754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
755851 SUSE Enterprise Linux Security Update for the linux kernel (SUSE-SU-2023:2646-1)
907146 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25959-1)
907209 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25956-1)