CVE-2023-28866
CVSS V2 None
CVSS V3 None
Description
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
Overview
- CVE ID
- CVE-2023-28866
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-27T01:15:07
- Last Modified Date
- 2023-04-03T13:59:58
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | 6.2.8 |
References
Reference URL | Reference Tags |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a | Issue Tracking |
https://lore.kernel.org/lkml/20230321015018.1759683-1-iam@sung-woo.kim/ | Mailing List Patch |
https://patchwork.kernel.org/project/bluetooth/patch/20230322232543.3079578-1-luiz.dentz@gmail.com | Mailing List Patch |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-28866 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28866 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 03:28:50 | Added to TrackCVE | |||
2023-04-17 03:28:52 | Weakness Enumeration | new |