Fedora Account System
Red Hat Associate
Red Hat Customer
An insufficient permission check has been found in the Bluetooth subsystem of the Linux kernel when handling ioctl system calls of HCI sockets. This causes tasks without the proper CAP_NET_ADMIN capability can easily mark HCI sockets as _trusted_. Trusted sockets are intended to enable the sending and receiving of management commands and events, such as pairing or connecting with a new device. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands. The exploit requires only the presence of a set of commonly used setuid programs (e.g., su, sudo). Reference: https://www.openwall.com/lists/oss-security/2023/04/16/3
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3708 https://access.redhat.com/errata/RHSA-2023:3708
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3723 https://access.redhat.com/errata/RHSA-2023:3723
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4137 https://access.redhat.com/errata/RHSA-2023:4137
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4138 https://access.redhat.com/errata/RHSA-2023:4138
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4961
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4962
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5255 https://access.redhat.com/errata/RHSA-2023:5255
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5244 https://access.redhat.com/errata/RHSA-2023:5244
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:1746 https://access.redhat.com/errata/RHSA-2024:1746
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:2003 https://access.redhat.com/errata/RHSA-2024:2003
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:2004 https://access.redhat.com/errata/RHSA-2024:2004
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Via RHSA-2024:4098 https://access.redhat.com/errata/RHSA-2024:4098