Updated: 2023-03-01 22:11:58.869054
Description:
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 8.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:32 | |
CentOS 8.4 ELS | kernel | 4.18.0-305.25.1 | 8.8 | HIGH | Needs Triage | 2022-11-30 10:36:02 | |
CentOS 8.5 ELS | kernel | 4.18.0-348.7.1 | 8.8 | HIGH | Needs Triage | 2022-11-30 10:36:09 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:31 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:33 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 8.8 | HIGH | In Testing | 2023-02-03 07:39:20 | |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 8.8 | HIGH | Released | CLSA-2023:1677764911 | 2023-03-02 09:38:15 |
Ubuntu 18.04 ELS | linux | 4.15.0 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:04 |