CVE-2022-42896

Name
CVE-2022-42896
Description
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4
MISC https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* linux_kernel == None == -
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None < 4.9.335
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.10 < 4.14.301
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.15 < 4.19.268
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.20 < 5.4.226
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.5 < 5.10.154
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.11 < 5.15.78
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.16 < 6.0.8

Vulnerable and fixed packages

Source package Branch Version Maintainer Status