Lucene search

ZephyrCVELIST:CVE-2023-1901

HistoryJul 10, 2023 - 4:37 a.m.

CVE-2023-1901 HCI send_sync Dangling Semaphore Reference Re-use

2023-07-1004:37:33

zephyr

www.cve.org

cve-2023-1901

bluetooth

dangling semaphore

host layer

dos

rce

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Zephyr",
    "product": "Zephyr",
    "repo": "https://github.com/zephyrproject-rtos/zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

References

github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xvvm-8mcm-9cq3

CVSS3

5.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-1901