CVE-2023-1902

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Jul 10, 2023

Updated: Jul 17, 2023

CWE ID 416

Summary

CVE-2023-1902 is a vulnerability affecting the Bluetooth HCI (Host Controller Interface) host layer logic. Malicious HCI Controllers can exploit this issue by failing to clear a global reference to a state pointer after handling connection events. This results in a dangling reference within the host layer, potentially leading to a denial-of-service (DoS) crash or even remote code execution (RCE) on the host layer.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zephyrproject Zephyr

Affected Vendors

Zephyr Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8DKaT
https://www.cve.org/CVERecord?id=CVE-2023-1902
https://nvd.nist.gov/vuln/detail/CVE-2023-1902

Back to Vulnerability Database