CVE-2023-1989Use After Free in Kernel

CWE-416Use After Free13 documents11 sources
Severity
7.0HIGHNVD
OSV5.5
EPSS
0.0%
top 95.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelDebian LinuxDebian Linux+4 more
Timeline
PublishedApr 11
Latest updateAug 19

Description

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel2.6.244.14.312+6
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux_kernelLinux kernel version prior to Kernel 6.3 RC4
debiandebian/linux< linux 6.1.52-1 (bookworm)

Also affects: Debian Linux 10.0, 12.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
OSV
linux-oem-6.1 vulnerabilities2023-04-19
OSV
CVE-2023-1989: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio2023-04-11
GHSA
GHSA-99cc-3w6r-wwmv: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio2023-04-11

📋Vendor Advisories

7
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel vulnerabilities2023-06-22
Ubuntu
Linux kernel (OEM) vulnerabilities2023-04-19
Microsoft
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw a call to btsdio_remove with an unfinished job may cause a race problem leading to a UA2023-04-11

📄Research Papers

1
arXiv
Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects2024-08-19

💬Community

1
Bugzilla
CVE-2023-1989 kernel: Use after free bug in btsdio_remove due to race condition2023-04-11
CVE-2023-1989 — Use After Free in Linux Kernel | cvebase