CVE-2022-42896

Updated: 2024-11-24 03:54:56.34684

Description:

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU kernel 5.14.0 8.8 HIGH Released CLSA-2024:1712263970 2024-04-07 09:57:29
AlmaLinux 9.2 FIPS kernel 5.14.0 8.8 HIGH Released CLSA-2024:1712570434 2024-04-08 10:44:03
CentOS 6 ELS kernel 2.6.32 8.8 HIGH Released CLSA-2024:1705494430 2024-02-05 08:35:44
CentOS 7 ELS kernel 3.10.0 8.8 HIGH Already Fixed 2024-07-01 10:21:12
CentOS 8.4 ELS kernel 4.18.0 8.8 HIGH Released CLSA-2023:1686585068 2023-06-13 09:08:43
CentOS 8.5 ELS kernel 4.18.0 8.8 HIGH Released CLSA-2023:1686651204 2023-06-13 09:08:42
CloudLinux 6 ELS kernel 2.6.32 8.8 HIGH Ignored 2025-01-10 22:44:19
Oracle Linux 6 ELS kernel 2.6.32 8.8 HIGH Released CLSA-2024:1705496067 2024-01-17 08:48:20
Ubuntu 16.04 ELS linux 4.4.0 8.8 HIGH Released 2023-05-10 05:07:59
Ubuntu 16.04 ELS linux-hwe 4.15.0 8.8 HIGH Released CLSA-2023:1677764911 2023-03-02 09:38:15
Total: 11