CVE-2023-28464

HIGH

Linux kernel <6.2.9 - Use After Free

Title source: llm

Description

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

References (4)

[Mailing List, Patch] https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20230517-0004/

[Mailing List, Patch] https://www.openwall.com/lists/oss-security/2023/03/28/2

[Mailing List] https://www.openwall.com/lists/oss-security/2023/03/28/3

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (14)

linux/linux_kernel

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

Timeline

Published Mar 31, 2023

Tracked Since Feb 18, 2026