Lucene search

K
nvd[email protected]NVD:CVE-2022-42895
HistoryNov 23, 2022 - 3:15 p.m.

CVE-2022-42895

2022-11-2315:15:10
CWE-824
web.nvd.nist.gov
11
infoleak
linux kernel
l2cap_parse_conf_req
vulnerability
upgrade

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.0%

There is an infoleak vulnerability in the Linux kernel’s net/bluetooth/l2cap_core.c’s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.
We recommend upgrading past commitΒ  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

Affected configurations

Nvd
Node
linuxlinux_kernelMatch-
VendorProductVersionCPE
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.0%