Alpaquita Linux
Security Advisory

CVE-2023-28866

Published: October 18, 2023Last modified: October 18, 2023

Description

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

Severity score breakdown

ParameterValue
Base score5.3
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamlinux-ltsUnknown (6.1.33-r0)

References

ON THIS PAGE