High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2023-40283
Vulnerability Description
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Known Affected Software
8 configuration(s) from 2 vendor(s)
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References & Resources
- http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html (cve@mitre.org: Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html (cve@mitre.org: Third Party Advisory, VDB Entry)
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 (cve@mitre.org: Release Notes)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (cve@mitre.org: Patch)
- https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (cve@mitre.org: Patch)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html (cve@mitre.org: Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html (cve@mitre.org: Issue Tracking, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20231020-0007/ (cve@mitre.org: Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5480 (cve@mitre.org: Third Party Advisory)
- https://www.debian.org/security/2023/dsa-5492 (cve@mitre.org: Third Party Advisory)
Severity Details
Weakness Type (CWE)
Use After Free
- Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Variant
Key Information
- Published Date: August 14, 2023
