Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-53305

Опубликовано: 16 сент. 2025
Источник: redhat
CVSS3: 7.6
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.

Отчет

This L2CAP issue is adjacency-only (Bluetooth LE): an attacker must be within radio range and craft malicious LE frames. Impact is primarily kernel crash / DoS. It could trigger a use-after-free condition when processing LE command rejection. In practice an attacker must either establish a BLE connection or rely on the device accepting unauthenticated L2CAP traffic. If the device enforces pairing/authentication for L2CAP operations, exploitation from an unauthenticated remote actor is unlikely. Fixed in Red Hat Enterprise Linux 9 starting from 9.4.

Меры по смягчению последствий

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the customer portal at https://access.redhat.com/solutions/2682931. Alternatively, bluetooth can be disabled within the hardware or at the BIOS level, which will also provide effective mitigation as the kernel will not detect Bluetooth hardware on the system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelAffected
Red Hat Enterprise Linux 9kernel-rtAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2395858kernel: Bluetooth: L2CAP: Fix use-after-free

EPSS

Процентиль: 9%
0.00035
Низкий

7.6 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-53305

ubuntu
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.

nvd логотип

CVE-2023-53305

nvd
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.

debian логотип

CVE-2023-53305

debian
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: B ...

github логотип

GHSA-xw54-m5g5-fqcg

github
около 2 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.

rocky логотип

RLSA-2025:17797

rocky
21 день назад

Moderate: kernel security update

EPSS

Процентиль: 9%
0.00035
Низкий

7.6 High

CVSS3