Lucene search

CVE-2022-42896

🗓️ 23 Nov 2022 15:10:15Reported by GoogleType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 245 Views🌐 WEB

Use-after-free vulnerabilities in Linux kernel's net/bluetooth/l2cap_core.c, allows remote code execution and memory leakage via Bluetooth

Reporter	Title	Published	Views	Family All 199
Cvelist	CVE-2022-42896 Info Leak in l2cap_core in the Linux Kernel	23 Nov 202214:11	–	cvelist
NVD	CVE-2022-42896	23 Nov 202215:15	–	nvd
OSV	RHSA-2023:3461 Red Hat Security Advisory: kernel security and bug fix update	13 Sep 202421:13	–	osv
OSV	RHSA-2023:3462 Red Hat Security Advisory: kernel-rt security and bug fix update	13 Sep 202421:13	–	osv
OSV	RHSA-2023:3517 Red Hat Security Advisory: kpatch-patch security update	13 Sep 202421:12	–	osv
OSV	linux-oem-5.17 vulnerability	16 Dec 202217:34	–	osv
OSV	RHSA-2023:4230 Red Hat Security Advisory: kpatch-patch security update	13 Sep 202421:14	–	osv
OSV	RHSA-2024:0980 Red Hat Security Advisory: kernel security update	13 Sep 202421:19	–	osv
OSV	RHSA-2023:4531 Red Hat Security Advisory: kpatch-patch security update	13 Sep 202421:14	–	osv
OSV	linux-oem-5.14 vulnerabilities	17 Jan 202318:10	–	osv

Nvd

Node

linux linux_kernelRange<4.9.335

linux linux_kernelRange4.10–4.14.301

linux linux_kernelRange4.15–4.19.268

linux linux_kernelRange4.20–5.4.226

linux linux_kernelRange5.5–5.10.154

linux linux_kernelRange5.11–5.15.78

linux linux_kernelRange5.16–6.0.8

[
  {
    "defaultStatus": "unaffected",
    "packageName": "kernel",
    "product": "Linux Kernel",
    "repo": "https://git.kernel.org",
    "vendor": "Linux",
    "versions": [
      {
        "lessThanOrEqual": "711f8c3fb3db61897080468586b970c87c61d9e4",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kernel	www.kernel.dance/
github	www.github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

Parameter	Position	Path	Description	CWE
l2cap_connect	path	net/bluetooth/l2cap_core.c	Use-after-free vulnerabilities in l2cap_connect and l2cap_le_connect_req functions may allow code execution and leaking kernel memory remotely via Bluetooth.	CWE-416
l2cap_le_connect_req	path	net/bluetooth/l2cap_core.c	Use-after-free vulnerabilities in l2cap_connect and l2cap_le_connect_req functions may allow code execution and leaking kernel memory remotely via Bluetooth.	CWE-416

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Nov 2022 15:15Current

8.7High risk

Vulners AI Score8.7

CVSS38 - 8.8

EPSS0.00237

CWE-416