← Back

CVE-2022-42896

nvd nist
Published: Nov 23, 2022Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit  https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

Affected (7)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
Before 4.9.335
Linux Kernel
From 4.10 to 4.14.301
Linux Kernel
From 4.15 to 4.19.268
Linux Kernel
From 4.20 to 5.4.226
Linux Kernel
From 5.11 to 5.15.78
Linux Kernel
From 5.16 to 6.0.8
Linux Kernel
From 5.5 to 5.10.154

Related CWEs

CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

Source: cve-coordination@google.com
PatchThird Party Advisory
Source: cve-coordination@google.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.