hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
References
Link | Resource |
---|---|
https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/ | Mailing List Patch |
https://security.netapp.com/advisory/ntap-20230517-0004/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2023/03/28/2 | Mailing List Patch |
https://www.openwall.com/lists/oss-security/2023/03/28/3 | Mailing List |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
22 Dec 2023, 21:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/ - Mailing List, Patch |
09 Nov 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500s Firmware
Netapp h700s Firmware Netapp h300s Firmware Netapp h410c Firmware Netapp h410s Firmware |
|
CPE | cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:* |
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
07 Nov 2023, 04:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
11 Aug 2023, 23:28
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20230517-0004/ - Third Party Advisory | |
First Time |
Netapp baseboard Management Controller H410s Firmware
Netapp baseboard Management Controller H300s Firmware Netapp baseboard Management Controller H410c Firmware Netapp baseboard Management Controller H500s Firmware Netapp Netapp baseboard Management Controller H700s Firmware |
|
CPE | cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc6:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:-:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.1.25:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc4:*:*:*:*:*:* |
17 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Apr 2023, 00:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-415 | |
First Time |
Linux
Linux linux Kernel |
|
References | (MISC) https://www.openwall.com/lists/oss-security/2023/03/28/2 - Mailing List, Patch | |
References | (MISC) https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/ - Mailing List, Patch | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/03/28/3 - Mailing List |
31 Mar 2023, 16:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-31 16:15
Updated : 2023-12-22 21:04
NVD link : CVE-2023-28464
Mitre link : CVE-2023-28464
CVE.ORG link : CVE-2023-28464
JSON object : View
Products Affected
netapp
- h700s_firmware
- h300s_firmware
- h410s_firmware
- h500s_firmware
- h410c_firmware
linux
- linux_kernel
CWE
CWE-415
Double Free