Linux Kernel Use-After-Free: btsdio_remove Race in Bluetooth Driver
CVE-2023-1989 Published on April 11, 2023

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-1989 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2023-1989

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-1989 are published in these products:

Linux Kernel

Canonical Ubuntu Linux

NetApp Baseboard Management Controller H410c

NetApp Baseboard Management Controller H300s

NetApp Baseboard Management Controller H500s

NetApp Baseboard Management Controller H700s

NetApp Baseboard Management Controller H410s

Debian Linux

NetApp H300s

NetApp H500s

NetApp H700s

NetApp H410s

NetApp H410c

Exploit Probability

EPSS

0.02%

Percentile

3.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Linux Kernel Use-After-Free: btsdio_remove Race in Bluetooth DriverCVE-2023-1989 Published on April 11, 2023

Vulnerability Analysis

Weakness Type

What is a Dangling pointer Vulnerability?

Products Associated with CVE-2023-1989

Exploit Probability

Linux Kernel Use-After-Free: btsdio_remove Race in Bluetooth Driver
CVE-2023-1989 Published on April 11, 2023