Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2023-52518

Disclosure Date: March 02, 2024 •

CVE-2023-52518

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_codec: Fix leaking content of local_codecs

The following memory leak can be observed when the controller supports
codecs which are stored in local_codecs list but the elements are never
freed:

unreferenced object 0xffff88800221d840 (size 32):
comm “kworker/u3:0”, pid 36, jiffies 4294898739 (age 127.060s)
hex dump (first 32 bytes):

f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff  ..........!.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

backtrace:

[<ffffffffb324f557>] __kmalloc+0x47/0x120
[<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160
[<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270
[<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0
[<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60
[<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0
[<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0
[<ffffffffb30c99b4>] process_one_work+0x404/0x800
[<ffffffffb30ca134>] worker_thread+0x374/0x670
[<ffffffffb30d9108>] kthread+0x188/0x1c0
[<ffffffffb304db6b>] ret_from_fork+0x2b/0x50
[<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2023-52518 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52518)

Miscellaneous

https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1

https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1

https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f

Rapid7

Unknown

CVE-2023-52518

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52518

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-52518

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2023-52518

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification