CVE-2023-2002

MEDIUM

Linux Kernel < 6.4 - Unauthorized Bluetooth Management Command Execution via HCI Sockets

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2002. PoCs published by lrh2000.

AI-analyzed exploit summary This PoC exploits CVE-2023-2002, a Linux Bluetooth vulnerability where insufficient permission checks allow unprivileged users to execute management commands via HCI sockets by leveraging setuid programs like sudo to mark sockets as trusted.

Description

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Exploits (1)

nomisec WORKING POC 85 stars

by lrh2000 · poc

https://github.com/lrh2000/CVE-2023-2002

View Code ZIP pw:eip

This PoC exploits CVE-2023-2002, a Linux Bluetooth vulnerability where insufficient permission checks allow unprivileged users to execute management commands via HCI sockets by leveraging setuid programs like sudo to mark sockets as trusted.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (v4.9 and later)

No auth needed

Prerequisites: Presence of setuid programs (e.g., sudo, su) · Bluetooth subsystem enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5480

Exploit, Mailing List, Third Party Advisory

https://www.openwall.com/lists/oss-security/2023/04/16/3

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240202-0004/

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Scores

CVSS v3 6.8

EPSS 0.0147

EPSS Percentile 70.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Details

CWE

CWE-250 CWE-863

Status published

Products (3)

debian/debian_linux 10.0

debian/debian_linux 11.0

linux/linux_kernel < 6.4

Published May 26, 2023

Tracked Since Feb 18, 2026