CVE-2023-1989

HIGH

Linux Kernel 2.6.24-4.14.312 - Use-After-Free in btsdio_remove

Title source: llm

Description

A use-after-free flaw was found in btsdio_remove in drivers/bluetooth/btsdio.c in the Linux kernel. A call to btsdio_remove with an unfinished job may cause a race condition leading to a UAF on hdev devices.

Scores

CVSS v3 7.0
EPSS 0.0002
EPSS Percentile 5.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (8)
debian/debian_linux 10.0
debian/debian_linux 12.0
linux/linux_kernel 2.6.24 - 4.14.312
netapp/h300s
netapp/h410c
netapp/h410s
netapp/h500s
netapp/h700s
Published Apr 11, 2023
Tracked Since Feb 18, 2026