CVE-2023-28464
📋 TL;DR
This vulnerability is a use-after-free and double-free flaw in the Linux kernel's Bluetooth subsystem that can lead to privilege escalation. Attackers with local access can exploit memory corruption to gain root privileges. Affects Linux systems with Bluetooth enabled running vulnerable kernel versions.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges, leading to complete system compromise, data theft, and persistence establishment.
Likely Case
Local privilege escalation allowing attackers to bypass security controls and execute arbitrary code as root.
If Mitigated
Limited impact if Bluetooth is disabled or SELinux/AppArmor properly configured to restrict Bluetooth operations.
🎯 Exploit Status
Exploit requires local access and knowledge of memory layout. Proof-of-concept code exists in public disclosures.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 6.2.10 and later, or backported patches for stable branches
Vendor Advisory: https://www.kernel.org/
Restart Required: Yes
Instructions:
1. Update kernel to 6.2.10 or later via distribution package manager.
2. For distributions with backports, apply security updates for current kernel version.
3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable Bluetooth
Linux: Completely disable Bluetooth subsystem to prevent exploitation
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo modprobe -r btusb bluetooth
Blacklist Bluetooth modules
Linux: Prevent Bluetooth kernel modules from loading
echo 'blacklist bluetooth' | sudo tee /etc/modprobe.d/disable-bluetooth.conf
echo 'blacklist btusb' | sudo tee -a /etc/modprobe.d/disable-bluetooth.conf
🧯 If You Can't Patch
- Disable Bluetooth completely on affected systems
- Implement strict access controls to limit local user privileges and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is 6.2.9 or earlier and Bluetooth is enabled, system is vulnerable.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is 6.2.10 or later: uname -r. If the workaround was used, check whether Bluetooth still needs to remain disabled.
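The checks above can be combined into one triage script. This is an added example, not part of the advisory; the function names and verdict strings are hypothetical, and it assumes the 6.2.10 threshold and the modprobe.d workaround described on this page.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host against this page's
# thresholds. Verdict names and function names are hypothetical.
FIXED="6.2.10"   # first fixed release according to this page

# Return 0 if kernel release $1 is older than version $2.
kver_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # "6.2.9-arch1-1" -> "6.2.9"
    [ "$a" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$a" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$a" ]
}

# Return 0 if the bluetooth core module is listed in a /proc/modules-format
# file. A kernel with Bluetooth built in (not modular) will not show up here.
bt_loaded() {
    grep -q '^bluetooth ' "${1:-/proc/modules}" 2>/dev/null
}

# Return 0 if any *.conf in modprobe.d directory $1 blacklists module $2.
blacklisted() {
    grep -Eqs "^[[:space:]]*blacklist[[:space:]]+$2[[:space:]]*$" "$1"/*.conf
}

# Print one verdict for kernel release $1, modules file $2, modprobe.d dir $3.
# "review-*" means the version alone cannot clear the host: distribution
# kernels may carry the backported fix under an older version string.
assess() {
    if ! kver_lt "$1" "$FIXED"; then echo "patched-by-version"
    elif bt_loaded "$2"; then echo "review-bluetooth-loaded"
    elif blacklisted "$3" bluetooth; then echo "review-workaround-in-place"
    else echo "review-bluetooth-not-loaded"
    fi
}

# Check the live host only when invoked as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    assess "$(uname -r)" /proc/modules /etc/modprobe.d
fi
```

A "review" verdict on a distribution kernel should be resolved against the distribution's security tracker for this CVE, since backported fixes do not change the upstream version number.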
📡 Detection & Monitoring
Log Indicators:
- Kernel panic or oops messages related to hci_conn_cleanup
- Unexpected privilege escalation events
- Bluetooth subsystem crashes in dmesg
Network Indicators:
- None - local exploitation only
SIEM Query:
source="kernel" AND ("hci_conn_cleanup" OR "double free" OR "use-after-free")
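The same indicators can be applied to plain syslog text where no SIEM is available. This is an added example, not part of the advisory: the log lines are constructed, the function names are hypothetical, and it assumes the traditional syslog layout (month, day, time, host, tag). It also matches the hyphenated spellings that KASAN-style kernel reports use.

```shell
#!/bin/sh
# Added example (not from the advisory): apply the page's log indicators to
# syslog-format text. Prints "<host> <indicator> <count>", sorted.
scan_bt_indicators() {
    awk '
    $5 != "kernel:" { next }              # page query: source="kernel"
    {
        line = tolower($0)
        # Accept both "double free" and "double-free" style spellings.
        if (line ~ /hci_conn_cleanup/)     hit[$4 " hci_conn_cleanup"]++
        if (line ~ /double[- ]free/)       hit[$4 " double-free"]++
        if (line ~ /use[- ]after[- ]free/) hit[$4 " use-after-free"]++
    }
    END { for (k in hit) print k, hit[k] }
    ' "$@" | sort
}

# Constructed sample input (not real logs): two kernel memory-error reports
# naming hci_conn_cleanup, one benign Bluetooth line, one non-kernel line.
sample_log() {
    cat <<'EOF'
Mar 28 10:01:02 host1 kernel: BUG: KASAN: use-after-free in hci_conn_cleanup+0x0/0x0
Mar 28 10:01:03 host1 kernel: Bluetooth: hci0: constructed benign message
Mar 28 10:02:10 host2 kernel: BUG: KASAN: double-free in kfree+0x0/0x0
Mar 28 10:02:11 host2 app[100]: user text mentioning double free
Mar 28 10:03:00 host2 kernel: BUG: KASAN: slab-use-after-free in hci_conn_cleanup+0x0/0x0
EOF
}

# Demo on the constructed sample; pass real log files as arguments instead,
# e.g. scan_bt_indicators /var/log/kern.log
sample_log | scan_bt_indicators
```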
🔗 References
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm%40gmail.com/
- https://security.netapp.com/advisory/ntap-20230517-0004/
- https://www.openwall.com/lists/oss-security/2023/03/28/2
- https://www.openwall.com/lists/oss-security/2023/03/28/3