CVE-2023-40283

CWE-416 — Use After Free26 documents9 sources

Severity

7.8HIGH

EPSS

0.0%

top 98.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Debian Debian Linux

Timeline

PublishedAug 14

Latest updateNov 28

Description

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlinux/linux_kernel3.5 — 4.14.322+6

▶Debianlinux< 5.10.191-1+3

Also affects: Debian Linux 10.0, 11.0, 12.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities↗2023-10-03

▶

OSV

linux-raspi vulnerabilities↗2023-09-29

▶

OSV

linux-bluefield, linux-raspi, linux-raspi-5.4 vulnerabilities↗2023-09-26

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, lin↗2023-09-19

▶

GHSA

GHSA-cp56-rpr6-7673: An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock↗2023-08-14

▶

📋Vendor Advisories

Ubuntu

Kernel Live Patch Security Notice↗2023-11-28

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2023-10-31

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2023-40283↗2023-10-24

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2023-10-17

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-10-10

▶