CVE-2022-42896

CVSS v3.1 8.8 (High)

EPSS 0.15 % (52^th)

Affected Products 1

Advisories 60

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.

We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Google Inc.
Published Date: 2022-11-23 15:15:10
(22 months ago)
Updated Date: 2023-11-07 03:53:40
(10 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 4.9.335 version	cpe:2.3:o:linux:linux_kernel		< 4.9.335
Linux Kernel from 4.10 version and prior 4.14.301 version	cpe:2.3:o:linux:linux_kernel	>= 4.10	< 4.14.301
Linux Kernel from 4.15 version and prior 4.19.268 version	cpe:2.3:o:linux:linux_kernel	>= 4.15	< 4.19.268
Linux Kernel from 4.20 version and prior 5.4.226 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.226
Linux Kernel from 5.5 version and prior 5.10.154 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.154
Linux Kernel from 5.11 version and prior 5.15.78 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.78
Linux Kernel from 5.16 version and prior 6.0.8 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.0.8