exploitDog

CVE-2023-1989

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 7

CVSS3: 7.1

EPSS Низкий

Описание

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

Ссылки

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://security.netapp.com/advisory/ntap-20230601-0004/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5492
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://security.netapp.com/advisory/ntap-20230601-0004/
Third Party Advisory
https://www.debian.org/security/2023/dsa-5492
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 2.6.24 (включая) до 4.14.312 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.280 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.240 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.5 (включая) до 5.10.177 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.11 (включая) до 5.15.105 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.16 (включая) до 6.1.22 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 6.2 (включая) до 6.2.9 (исключая)

Конфигурация 2

Одно из

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00015

Низкий

7 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

CVE-2023-1989

CVSS3: 7

ubuntu

около 2 лет назад

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

CVE-2023-1989

CVSS3: 7

redhat

больше 2 лет назад

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

CVE-2023-1989

CVSS3: 7

debian

около 2 лет назад

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...

GHSA-99cc-3w6r-wwmv

CVSS3: 7

github

около 2 лет назад

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

ELSA-2024-12354

oracle-oval

около 1 года назад

ELSA-2024-12354: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 2%

0.00015

Низкий

7 High

CVSS3

7.1 High

CVSS3

Дефекты

CWE-416

CWE-416