CVE-2023-2002Execution with Unnecessary Privileges in Kernel

CWE-250Execution with Unnecessary PrivilegesCWE-863Incorrect Authorization39 documents9 sources
Severity
6.8MEDIUMNVD
OSV7.1OSV6.5OSV5.5OSV4.7
EPSS
0.6%
top 30.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxDebian Linux+3 more
Timeline
PublishedMay 26
Latest updateApr 9

Description

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:HExploitability: 2.1 | Impact: 4.7

Affected Packages8 packages

Debianlinux/linux_kernel< 5.10.191-1+3
Ubuntulinux/linux_kernel< 5.4.0-162.179+2
CVEListV5linux/linux_kernelKernel prior to Kernel 6.4-rc1
debiandebian/linux< linux 6.1.27-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

17
OSV
linux-azure vulnerabilities2024-04-09
OSV
linux-aws-hwe, linux-azure, linux-azure-4.15, linux-oracle vulnerabilities2024-03-25
OSV
linux-gcp, linux-gcp-4.15 vulnerabilities2024-03-20
OSV
linux, linux-aws, linux-hwe, linux-kvm, linux-oracle vulnerabilities2024-03-18
OSV
linux-bluefield vulnerabilities2023-09-26

📋Vendor Advisories

20
Ubuntu
Linux kernel (Azure) vulnerabilities2024-04-09
Ubuntu
Linux kernel vulnerabilities2024-03-25
Ubuntu
Linux kernel (GCP) vulnerabilities2024-03-20
Ubuntu
Linux kernel vulnerabilities2024-03-18
CISA ICS
Siemens SCALANCE XCM-/XRM-3002024-02-15

💬Community

1
Bugzilla
CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution2023-04-17
CVE-2023-2002 — Execution with Unnecessary Privileges | cvebase