Vulnerability Details : CVE-2023-28866
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
Products affected by CVE-2023-28866
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28866
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28866
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2023-28866
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28866
-
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a
kernel/git/bluetooth/bluetooth-next.git - Bluetooth kernel development treeIssue Tracking
-
https://lore.kernel.org/lkml/20230321015018.1759683-1-iam@sung-woo.kim/
[PATCH] Bluetooth: HCI: Fix global-out-of-bounds - Sungwoo KimMailing List;Patch
-
https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz@gmail.com
pull-request: bluetooth 2023-03-22 - PatchworkMailing List;Patch
Jump to