high
7.8
CWE
415 416
Advisory Published
CVE Published
Updated

CVE-2023-28464: Double Free

First published: Mon Mar 13 2023(Updated: )

A double free vulnerability was found in the hci_conn_cleanup function of net/bluetooth/hci_conn.c, which may cause DOS or privilege escalation. Version: Linux kernel 6.2 (this problem also exists in 6.3-rc1) At the end of the hci_conn_del_sysfs(conn) function in the hci_conn_cleanup function, hci_dev_put(hdev) will be called. The hci_dev_put function will eventually call kfree to release the space used by name: ``` hci_dev_put put_device kobject_put kref_put kobject_release kobject_cleanup kfree_const kfree ``` After the hci_conn_del_sysfs function ends, the hci_dev_put function is called again in the hci_conn_cleanup function, and their parameters hdev are the same, so double free will be caused when the name is released. In addition, at the end of hci_conn_cleanup, the hci_conn_put function is called again, which will call the put_device function to release conn-&gt;dev. Obviously conn-&gt;dev has been released, so there will also be a double free problem here. Call Trace from syzbot, <a href="https://syzkaller.appspot.com/bug?id=1bb51491ca5df96a5f724899d1dbb87afda61419">https://syzkaller.appspot.com/bug?id=1bb51491ca5df96a5f724899d1dbb87afda61419</a>:

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Linux Linux kernel=6.1.25
Linux Linux kernel=6.2.12
Linux Linux kernel=6.3
Linux Linux kernel=6.3-rc1
Linux Linux kernel=6.3-rc2
Linux Linux kernel=6.3-rc3
Linux Linux kernel=6.3-rc4
Linux Linux kernel=6.3-rc5
Linux Linux kernel=6.3-rc6
Netapp Baseboard Management Controller H300s Firmware
Netapp Baseboard Management Controller H410c Firmware
Netapp Baseboard Management Controller H410s Firmware
Netapp Baseboard Management Controller H500s Firmware
Netapp Baseboard Management Controller H700s Firmware
Netapp H300s Firmware
Netapp H410c Firmware
Netapp H410s Firmware
Netapp H500s Firmware
Netapp H700s Firmware

Remedy

https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/

Remedy

https://www.openwall.com/lists/oss-security/2023/03/28/2

Remedy

https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2023-28464.

  • What is the severity level of CVE-2023-28464?

    CVE-2023-28464 has a severity level of 7.8, which is considered high.

  • Which software versions are affected by CVE-2023-28464?

    The Linux kernel versions 6.1.25, 6.2.12, 6.3, and all release candidates (6.3-rc1 to 6.3-rc6) are affected by CVE-2023-28464. Additionally, Netapp Baseboard Management Controller firmware versions H300s, H410c, H410s, H500s, and H700s are also affected.

  • What is the description of CVE-2023-28464?

    CVE-2023-28464 is a use-after-free vulnerability in the Linux kernel's hci_conn_cleanup function that can lead to privilege escalation due to a double free issue.

  • How can I fix CVE-2023-28464?

    To fix CVE-2023-28464, it is recommended to apply the relevant patch or update provided by the Linux kernel or Netapp, depending on the affected software version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203