Bug 2213132 (CVE-2023-31083) - CVE-2023-31083 kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl
Summary: CVE-2023-31083 kernel: race condition between HCIUARTSETPROTO and HCIUARTGETP...
Keywords:
Status: NEW
Alias: CVE-2023-31083
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2213133 2213134 2213135 2213136 2213137
Blocks: 2189448
TreeView+ depends on / blocked
 
Reported: 2023-06-07 08:13 UTC by Alex
Modified: 2023-10-29 11:27 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in the Linux kernel’s Bluetooth HCI UART driver. This flaw allows a local user to crash the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Alex 2023-06-07 08:13:27 UTC 
A flaw in the Linux Kernel found in drivers/bluetooth/hci_ldisc.c. There is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.

Reference:
https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
Comment 1 Alex 2023-06-07 08:13:52 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2213133]
Note You need to log in before you can comment on or make changes to this bug.