{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52518", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-20T12:30:33.317Z", "datePublished": "2024-03-02T21:54:47.826Z", "dateUpdated": "2024-11-04T14:48:25.922Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:25.922Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_codec: Fix leaking content of local_codecs\n\nThe following memory leak can be observed when the controller supports\ncodecs which are stored in local_codecs list but the elements are never\nfreed:\n\nunreferenced object 0xffff88800221d840 (size 32):\n comm \"kworker/u3:0\", pid 36, jiffies 4294898739 (age 127.060s)\n hex dump (first 32 bytes):\n f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffffb324f557>] __kmalloc+0x47/0x120\n [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160\n [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270\n [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0\n [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60\n [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0\n [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0\n [<ffffffffb30c99b4>] process_one_work+0x404/0x800\n [<ffffffffb30ca134>] worker_thread+0x374/0x670\n [<ffffffffb30d9108>] kthread+0x188/0x1c0\n [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50\n [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/hci_core.c", "net/bluetooth/hci_event.c", "net/bluetooth/hci_sync.c"], "versions": [{"version": "8961987f3f5f", "lessThan": "626535077ba9", "status": "affected", "versionType": "git"}, {"version": "8961987f3f5f", "lessThan": "eea5a8f0c3b7", "status": "affected", "versionType": "git"}, {"version": "8961987f3f5f", "lessThan": "b938790e7054", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/hci_core.c", "net/bluetooth/hci_event.c", "net/bluetooth/hci_sync.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.57", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.7", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1"}, {"url": "https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1"}, {"url": "https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f"}], "title": "Bluetooth: hci_codec: Fix leaking content of local_codecs", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-770", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T14:55:30.640088Z", "id": "CVE-2023-52518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-01T15:47:47.632Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.700Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.700Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T14:55:30.640088Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T14:55:35.931Z"}}], "cna": {"title": "Bluetooth: hci_codec: Fix leaking content of local_codecs", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8961987f3f5f", "lessThan": "626535077ba9", "versionType": "git"}, {"status": "affected", "version": "8961987f3f5f", "lessThan": "eea5a8f0c3b7", "versionType": "git"}, {"status": "affected", "version": "8961987f3f5f", "lessThan": "b938790e7054", "versionType": "git"}], "programFiles": ["net/bluetooth/hci_core.c", "net/bluetooth/hci_event.c", "net/bluetooth/hci_sync.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.57", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.5.7", "versionType": "semver", "lessThanOrEqual": "6.5.*"}, {"status": "unaffected", "version": "6.6", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/bluetooth/hci_core.c", "net/bluetooth/hci_event.c", "net/bluetooth/hci_sync.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1"}, {"url": "https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1"}, {"url": "https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_codec: Fix leaking content of local_codecs\n\nThe following memory leak can be observed when the controller supports\ncodecs which are stored in local_codecs list but the elements are never\nfreed:\n\nunreferenced object 0xffff88800221d840 (size 32):\n comm \"kworker/u3:0\", pid 36, jiffies 4294898739 (age 127.060s)\n hex dump (first 32 bytes):\n f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffffb324f557>] __kmalloc+0x47/0x120\n [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160\n [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270\n [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0\n [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60\n [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0\n [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0\n [<ffffffffb30c99b4>] process_one_work+0x404/0x800\n [<ffffffffb30ca134>] worker_thread+0x374/0x670\n [<ffffffffb30d9108>] kthread+0x188/0x1c0\n [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50\n [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T14:48:25.922Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52518", "state": "PUBLISHED", "dateUpdated": "2024-11-04T14:48:25.922Z", "dateReserved": "2024-02-20T12:30:33.317Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-02T21:54:47.826Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_codec: Fix leaking content of local_codecs\n\nThe following memory leak can be observed when the controller supports\ncodecs which are stored in local_codecs list but the elements are never\nfreed:\n\nunreferenced object 0xffff88800221d840 (size 32):\n comm \"kworker/u3:0\", pid 36, jiffies 4294898739 (age 127.060s)\n hex dump (first 32 bytes):\n f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<ffffffffb324f557>] __kmalloc+0x47/0x120\n [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160\n [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270\n [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0\n [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60\n [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0\n [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0\n [<ffffffffb30c99b4>] process_one_work+0x404/0x800\n [<ffffffffb30ca134>] worker_thread+0x374/0x670\n [<ffffffffb30d9108>] kthread+0x188/0x1c0\n [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50\n [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: hci_codec: corrige el contenido filtrado de local_codecs La siguiente p\u00e9rdida de memoria se puede observar cuando el controlador admite c\u00f3decs que se almacenan en la lista local_codecs pero los elementos nunca se liberan: objeto sin referencia 0xffff88800221d840 ( tama\u00f1o 32): comunicaci\u00f3n \"kworker/u3:0\", pid 36, santiam\u00e9n 4294898739 (edad 127.060 s) volcado hexadecimal (primeros 32 bytes): f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ... .......!..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso: [] __kmalloc+0x47/0x120 [] hci_codec_list_add.isra.0+0x2d/0x160 [] hci_read_codec_capabilities+0x183/0x270 [] hci_read_supported_codecs+0x 1bb/0x2d0 [] hci_read_local_codecs_sync+0x3e/ 0x60 [] hci_dev_open_sync+0x943/0x11e0 [] hci_power_on+0x10d/0x3f0 [] Process_one_work+0x404/0x800 [] hilo_trabajador+0x374/0x670 [] kthread+0x188/ 0x1c0 [] ret_from_fork+0x2b/0x50 [] ret_from_fork_asm+0x1a/0x30"}], "id": "CVE-2023-52518", "lastModified": "2024-11-01T16:35:06.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-02T22:15:47.970", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/626535077ba9dc110787540d1fe24881094c15a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b938790e70540bf4f2e653dcd74b232494d06c8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eea5a8f0c3b7c884d2351e75fbdd0a3d7def5ae1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4823", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.75.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4831", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}], "bugzilla": {"description": "kernel: Bluetooth: hci_codec: Fix leaking content of local_codecs", "id": "2267799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267799"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_codec: Fix leaking content of local_codecs\nThe following memory leak can be observed when the controller supports\ncodecs which are stored in local_codecs list but the elements are never\nfreed:\nunreferenced object 0xffff88800221d840 (size 32):\ncomm \"kworker/u3:0\", pid 36, jiffies 4294898739 (age 127.060s)\nhex dump (first 32 bytes):\nf8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!.....\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<ffffffffb324f557>] __kmalloc+0x47/0x120\n[<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160\n[<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270\n[<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0\n[<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60\n[<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0\n[<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0\n[<ffffffffb30c99b4>] process_one_work+0x404/0x800\n[<ffffffffb30ca134>] worker_thread+0x374/0x670\n[<ffffffffb30d9108>] kthread+0x188/0x1c0\n[<ffffffffb304db6b>] ret_from_fork+0x2b/0x50\n[<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30", "A memory leak flaw was found in the Linux kernel\u2019s Bluetooth functionality. This flaw allows a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-52518", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-52518\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52518\nhttps://lore.kernel.org/linux-cve-announce/2024030251-CVE-2023-52518-bcfa@gregkh/T/#u"], "statement": "This issue is fixed for Red Hat Enterprise Linux 8 starting from version 8.3.", "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.57, kernel 6.5.7, kernel 6.6"}