An insufficient permission check has been found in the Bluetooth subsystem of the Linux kernel when handling ioctl system calls on HCI sockets. It allows tasks that do not hold the CAP_NET_ADMIN capability to mark HCI sockets as _trusted_. Trusted sockets are intended to enable sending and receiving management commands and events, such as pairing or connecting with a new device. As a result, an unprivileged user can obtain a trusted socket and issue management commands without authorization. The exploit requires only the presence of commonly used setuid programs (e.g., su, sudo): the capability check is performed against whichever task issues the ioctl, so a privileged program that is handed the socket as an inherited file descriptor and calls ioctl() on it is enough to get the socket marked trusted. Reference: https://www.openwall.com/lists/oss-security/2023/04/16/3
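The flaw class described above is a confused-deputy problem: authorization is evaluated against the task calling ioctl() rather than against the task that owns the socket. The following userspace model is an added example, not code from the kernel or from the advisory; the struct names, the `CMD_UNRELATED`/`CMD_HCI_MGMT` command numbers and the `-1` error value are constructed for the model, and the hardened variant illustrates the principle (derive trust from the socket creator's credentials, and only on the explicit management request) rather than reproducing the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed command numbers: one unrelated ioctl a setuid program might
 * issue on an inherited descriptor (e.g. a terminal query), and one genuine
 * HCI management request. Neither is a real kernel ioctl number. */
enum cmd { CMD_UNRELATED = 1, CMD_HCI_MGMT = 2 };

struct task {
    bool cap_net_admin;        /* whether the *calling* task holds CAP_NET_ADMIN */
};

struct hci_sock {
    bool trusted;              /* analogue of the socket's "trusted" flag */
    bool opener_privileged;    /* capability recorded when the socket was created */
};

/* Socket creation records the creating task's privilege. The hardened
 * variant relies on this record; the vulnerable variant never looks at it. */
void hci_sock_create(const struct task *opener, struct hci_sock *sk)
{
    sk->trusted = false;
    sk->opener_privileged = opener->cap_net_admin;
}

/* Vulnerable pattern: the capability of whoever calls ioctl() is checked,
 * for every command, and the result is latched into the socket. An
 * unprivileged owner that passes the descriptor to a privileged program
 * which issues any ioctl() on it gets the socket marked trusted. */
int hci_sock_ioctl_vulnerable(const struct task *caller, struct hci_sock *sk, enum cmd c)
{
    if (caller->cap_net_admin)
        sk->trusted = true;            /* latched regardless of the command */
    if (c == CMD_HCI_MGMT)
        return sk->trusted ? 0 : -1;   /* -1 stands in for -EPERM */
    return 0;                          /* unrelated command: nothing to do */
}

/* Hardened pattern: trust is derived from the credentials of the task that
 * created the socket, not from the current caller, and only the explicit
 * management command can grant it. A privileged caller issuing an unrelated
 * ioctl changes nothing. */
int hci_sock_ioctl_hardened(const struct task *caller, struct hci_sock *sk, enum cmd c)
{
    (void)caller;                      /* deliberately not consulted */
    if (c == CMD_HCI_MGMT) {
        if (!sk->opener_privileged)
            return -1;
        sk->trusted = true;
        return 0;
    }
    return 0;
}

typedef int (*ioctl_fn)(const struct task *, struct hci_sock *, enum cmd);

/* Scenario from the advisory: an unprivileged task opens the socket, a
 * setuid program issues an unrelated ioctl on the inherited descriptor, and
 * the unprivileged task then attempts a management command.
 * Returns true if the unprivileged task ends up holding a trusted socket. */
bool confused_deputy_scenario(ioctl_fn fn)
{
    struct task unpriv = { .cap_net_admin = false };
    struct task setuid_prog = { .cap_net_admin = true };
    struct hci_sock sk;

    hci_sock_create(&unpriv, &sk);
    fn(&setuid_prog, &sk, CMD_UNRELATED);      /* the deputy's harmless-looking call */
    return fn(&unpriv, &sk, CMD_HCI_MGMT) == 0 && sk.trusted;
}

/* Control case: a task that genuinely holds CAP_NET_ADMIN opens the socket
 * and requests management access itself. Both variants must allow this. */
bool legitimate_admin_scenario(ioctl_fn fn)
{
    struct task admin = { .cap_net_admin = true };
    struct hci_sock sk;

    hci_sock_create(&admin, &sk);
    return fn(&admin, &sk, CMD_HCI_MGMT) == 0 && sk.trusted;
}

int main(void)
{
    printf("vulnerable: unprivileged task gets trusted socket = %d\n",
           confused_deputy_scenario(hci_sock_ioctl_vulnerable));
    printf("hardened:   unprivileged task gets trusted socket = %d\n",
           confused_deputy_scenario(hci_sock_ioctl_hardened));
    printf("hardened:   legitimate admin still allowed        = %d\n",
           legitimate_admin_scenario(hci_sock_ioctl_hardened));
    return 0;
}
```

The point of the model is the order of checks: `hci_sock_ioctl_vulnerable` answers "is the current caller privileged?", which a setuid deputy answers yes on the attacker's behalf, while `hci_sock_ioctl_hardened` answers "was the socket's creator privileged?", which the deputy cannot change. When reviewing similar handlers, look for `capable()`-style checks that run before the command switch and for state that is latched into a long-lived object from a per-call credential check.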
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3708 https://access.redhat.com/errata/RHSA-2023:3708
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3723 https://access.redhat.com/errata/RHSA-2023:3723
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4137 https://access.redhat.com/errata/RHSA-2023:4137
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4138 https://access.redhat.com/errata/RHSA-2023:4138
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4961
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4962
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5255 https://access.redhat.com/errata/RHSA-2023:5255
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5244 https://access.redhat.com/errata/RHSA-2023:5244
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:1746 https://access.redhat.com/errata/RHSA-2024:1746
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:2003 https://access.redhat.com/errata/RHSA-2024:2003
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:2004 https://access.redhat.com/errata/RHSA-2024:2004