CVE-2023-2002
Public on 2023-04-18
Modified on 2024-03-11
Description
An insufficient permission check has been found in the Bluetooth subsystem of
the Linux kernel when handling ioctl system calls of HCI sockets. This causes
tasks without the proper CAP_NET_ADMIN capability can easily mark HCI sockets
as _trusted_. Trusted sockets are intended to enable the sending and receiving
of management commands and events, such as pairing or connecting with a new
device. As a result, unprivileged users can acquire a trusted socket, leading
to unauthorized execution of management commands. The exploit requires only
the presence of a set of commonly used setuid programs (e.g., su, sudo).
the Linux kernel when handling ioctl system calls of HCI sockets. This causes
tasks without the proper CAP_NET_ADMIN capability can easily mark HCI sockets
as _trusted_. Trusted sockets are intended to enable the sending and receiving
of management commands and events, such as pairing or connecting with a new
device. As a result, unprivileged users can acquire a trusted socket, leading
to unauthorized execution of management commands. The exploit requires only
the presence of a set of commonly used setuid programs (e.g., su, sudo).
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Core | kernel | 2023-04-27 | ALAS2-2023-2027 | Fixed |
| Amazon Linux 2023 | kernel | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 4.5 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv3 | 6.8 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |