CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS
Percentile: 30.6%
An out-of-bounds (OOB) memory access flaw was found in net/bluetooth/hci_sync.c due to a missing exit path in the loop over amp_init1[] and amp_init2[]. This issue could allow an attacker to leak internal kernel information.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
bugzilla.redhat.com/show_bug.cgi?id=2185519
git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=95084403f8c070ccf5d7cbe72352519c1798a40a
lore.kernel.org/lkml/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2023-28866
patchwork.kernel.org/project/bluetooth/patch/[email protected]
www.cve.org/CVERecord?id=CVE-2023-28866