CVE-2022-3563

CVE-2022-3563

Name

CVE-2022-3563

Description

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://vuldb.com/?id.211086
MISC	https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e

Type

URI

MISC

https://vuldb.com/?id.211086

MISC

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:linux:linux_kernel:-:::::::*`	linux_kernel	== None	== -
`cpe:2.3:a:bluez:bluez::::::::`	bluez	>= None	< 5.65

CPE URI

Source package

Min version

Max version

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

linux_kernel

== None

== -

cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*

bluez

>= None

< 5.65

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
bluez	edge-main	5.54-r0	None	possibly vulnerable
bluez	3.22-main	5.54-r0	None	possibly vulnerable
bluez	3.21-main	5.54-r0	None	possibly vulnerable
bluez	3.20-main	5.54-r0	None	possibly vulnerable
bluez	3.19-main	5.54-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

bluez

edge-main

5.54-r0

None

possibly vulnerable

bluez

3.22-main