Updated: 2023-11-07 19:30:58.877362
Description:
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 8.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 8.8 | HIGH | Needs Triage | 2023-11-07 16:11:44 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 8.8 | HIGH | Needs Triage | 2023-11-20 10:07:07 | |
| CentOS 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:32 | |
| CentOS 7 ELS | kernel | 3.10.0 | 8.8 | HIGH | Needs Triage | 2023-09-18 17:08:42 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 8.8 | HIGH | Released | CLSA-2023:1686585068 | 2023-06-13 09:08:43 |
| CentOS 8.5 ELS | kernel | 4.18.0 | 8.8 | HIGH | Released | CLSA-2023:1686651204 | 2023-06-13 09:08:42 |
| CloudLinux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:31 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 8.8 | HIGH | Needs Triage | 2023-03-01 23:05:33 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 8.8 | HIGH | Released | 2023-05-10 05:07:59 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 8.8 | HIGH | Released | CLSA-2023:1677764911 | 2023-03-02 09:38:15 |