CVE-2023-2002
Published: October 18, 2023Last modified: October 18, 2023
Description
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack Vector | ADJACENT_NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | LOW |
Integrity impact | LOW |
Availability impact | HIGH |
Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | Stream | linux-lts | Unknown (6.1.33-r0) |