CVE-2022-42896

Published: 23/11/2022 Updated: 01/03/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-45934)

ATTENTION: Due to an unavoidable ABI change, the kernel updates have been given a new version number, which requires you to recompile and reinstall all third-party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


Vulnerable Product

linux linux kernel

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
Description: The MITRE CVE dictionary describes this issue as: There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel ...
Use-after-free in net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth ...
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to t ...

Github Repositories

CVE-2022-42896: There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recomme

Linux Kernel Exploitation: A collection of links related to Linux kernel security and exploitation. Updated bimonthly. Pull requests are welcome as well. Follow @andreyknvl on Twitter to be notified of updates. Subscribe to @linkersec on Telegram, Twitter, or Reddit for highlights. Trainings: See xairy.io/trainings/. Contents: Books, Techniques, Exploitation, Protection Bypasses