CVE Vulnerabilities

CVE-2023-28464

Double Free

Published: Mar 31, 2023 | Modified: Dec 22, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.8 MODERATE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 6.1.25 (including) 6.1.25 (including)
Linux_kernel Linux 6.2.12 (including) 6.2.12 (including)
Linux_kernel Linux 6.3 (including) 6.3 (including)
Linux_kernel Linux 6.3-rc1 (including) 6.3-rc1 (including)
Linux_kernel Linux 6.3-rc2 (including) 6.3-rc2 (including)
Linux_kernel Linux 6.3-rc3 (including) 6.3-rc3 (including)
Linux_kernel Linux 6.3-rc4 (including) 6.3-rc4 (including)
Linux_kernel Linux 6.3-rc5 (including) 6.3-rc5 (including)
Linux_kernel Linux 6.3-rc6 (including) 6.3-rc6 (including)
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-553.rt7.342.el8_10 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-553.el8_10 *
Red Hat Enterprise Linux 9 RedHat kernel-0:5.14.0-427.13.1.el9_4 *
Red Hat Enterprise Linux 9 RedHat kernel-0:5.14.0-427.13.1.el9_4 *
Linux Ubuntu trusty *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.0 Ubuntu esm-infra/bionic *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu focal *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu focal *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.3 Ubuntu esm-infra/bionic *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-5.8 Ubuntu focal *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-hwe Ubuntu upstream *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu esm-infra/bionic *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.11 Ubuntu focal *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu focal *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.3 Ubuntu bionic *
Linux-azure-5.3 Ubuntu esm-infra/bionic *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-5.8 Ubuntu focal *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu esm-infra/bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-bluefield Ubuntu upstream *
Linux-dell300x Ubuntu upstream *
Linux-fips Ubuntu trusty *
Linux-fips Ubuntu upstream *
Linux-fips Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu esm-infra/bionic *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.11 Ubuntu focal *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu focal *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.3 Ubuntu esm-infra/bionic *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-5.8 Ubuntu focal *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu bionic *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu bionic *
Linux-gke-5.4 Ubuntu esm-infra/bionic *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.4 Ubuntu bionic *
Linux-gkeop-5.4 Ubuntu esm-infra/bionic *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/bionic *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.11 Ubuntu focal *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu focal *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu focal *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel-5.13 Ubuntu focal *
Linux-intel-5.13 Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-kvm Ubuntu upstream *
Linux-kvm Ubuntu xenial *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu upstream *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu esm-infra/bionic *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu focal *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.13 Ubuntu focal *
Linux-oem-5.13 Ubuntu upstream *
Linux-oem-5.14 Ubuntu focal *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu kinetic *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu focal *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu upstream *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.0 Ubuntu esm-infra/bionic *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu focal *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu focal *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.3 Ubuntu esm-infra/bionic *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-5.8 Ubuntu focal *
Linux-oracle-5.8 Ubuntu upstream *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.11 Ubuntu focal *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu focal *
Linux-riscv-5.8 Ubuntu upstream *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu upstream *

Potential Mitigations

References