CVE-2023-1901

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Jul 10, 2023

Updated: Jul 14, 2023

CWE ID 787

Summary

CVE-2023-1901 is a vulnerability affecting the Bluetooth HCI host layer. The issue stems from a failure to clear a global semaphore reference after synchronously sending HCI commands. This oversight allows a malicious HCI Controller to exploit the dangling reference, potentially causing a denial-of-service (DoS) or even achieving remote code execution (RCE) within the host layer.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zephyrproject Zephyr

Affected Vendors

Zephyr Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rqGYaF
https://www.cve.org/CVERecord?id=CVE-2023-1901
https://nvd.nist.gov/vuln/detail/CVE-2023-1901

Back to Vulnerability Database