CVE-2023-2002
Published: October 18, 2023Last modified: October 18, 2023
Description
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.8 |
| Attack Vector | ADJACENT_NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | LOW |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | Stream | linux-lts | Unknown (6.1.33-r0) |