Updated: 2024-11-24 03:54:56.34684
Description:
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 8.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 8.8 | HIGH | Released | CLSA-2024:1712263970 | 2024-04-07 09:57:29 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 8.8 | HIGH | Released | CLSA-2024:1712570434 | 2024-04-08 10:44:03 | |
CentOS 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Released | CLSA-2024:1705494430 | 2024-02-05 08:35:44 | |
CentOS 7 ELS | kernel | 3.10.0 | 8.8 | HIGH | Already Fixed | 2024-07-01 10:21:12 | ||
CentOS 8.4 ELS | kernel | 4.18.0 | 8.8 | HIGH | Released | CLSA-2023:1686585068 | 2023-06-13 09:08:43 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 8.8 | HIGH | Released | CLSA-2023:1686651204 | 2023-06-13 09:08:42 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Ignored | 2025-01-10 22:44:19 | ||
Oracle Linux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Released | CLSA-2024:1705496067 | 2024-01-17 08:48:20 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 8.8 | HIGH | Released | 2023-05-10 05:07:59 | ||
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 8.8 | HIGH | Released | CLSA-2023:1677764911 | 2023-03-02 09:38:15 |