CVE-2023-28866

Опубликовано: 27 мар. 2023

Источник: debian

EPSS Низкий

Описание

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
linux	fixed	6.1.20-2		package
linux	not-affected		bullseye	package
linux	not-affected		buster	package

EPSS

Процентиль: 6%

0.00023

Низкий

Связанные уязвимости

CVE-2023-28866

CVSS3: 5.3

ubuntu

почти 3 года назад

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

CVE-2023-28866

CVSS3: 5.3

redhat

почти 3 года назад

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

CVE-2023-28866

CVSS3: 5.3

nvd

почти 3 года назад

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

CVE-2023-28866

CVSS3: 5.3

msrc

больше 2 лет назад

In the Linux kernel through 6.2.8 net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element but do not.

GHSA-qpqg-8rvq-f5c4

CVSS3: 5.3

github

почти 3 года назад

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

EPSS

Процентиль: 6%

0.00023

Низкий