Description
A vulnerability was found in the HCI sockets implementation in the Linux kernel, caused by a missing capability check in net/bluetooth/hci_sock.c. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Exploits (1)
References (5)
Scores
CVSS v3: 6.8
EPSS: 0.0060
EPSS Percentile: 69.4%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Details
CWE: CWE-250, CWE-863
Status: published
Products (3)
debian/debian_linux 10.0
debian/debian_linux 11.0
linux/linux_kernel < 6.4
Published: May 26, 2023
Tracked Since: Feb 18, 2026