{"uuid": "f2a25699-0dbd-4379-82c3-962a395900c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2002", "type": "published-proof-of-concept", "source": "https://t.me/RespaldoHackingTeam/1408", "content": "\ud83d\udd25Linux Bluetooth: Unauthorized management command execution (CVE-2023-2002, PoC exploit included)\nAn insufficient permission check has been found in the Bluetooth subsystem of the Linux kernel when handling ioctl system calls of HCI sockets. This allows tasks without the proper CAP_NET_ADMIN capability to easily mark HCI sockets as trusted. Trusted sockets are intended to enable the sending and receiving of management commands and events, such as pairing or connecting with a new device. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands. The exploit requires only the presence of a set of commonly used setuid programs.\n\n\u26a0\ufe0fIf successfully exploited, the identified vulnerability has the potential to compromise the confidentiality, integrity, and availability of Bluetooth communication. Attackers can exploit this vulnerability to pair the controller with malicious devices, even if the Bluetooth service is disabled or not installed.", "creation_timestamp": "2023-04-19T08:40:50.000000Z"}