Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-3564 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system kpatch-patch-3_10_0-1160_92_1 (Red Hat package) Operating systems & Components / Operating system package or component kpatch-patch-3_10_0-1160_90_1 (Red Hat package) Operating systems & Components / Operating system package or component kpatch-patch-3_10_0-1160_88_1 (Red Hat package) Operating systems & Components / Operating system package or component kpatch-patch-3_10_0-1160_83_1 (Red Hat package) Operating systems & Components / Operating system package or component kpatch-patch-3_10_0-1160_81_1 (Red Hat package) Operating systems & Components / Operating system package or component |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU69799
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3564
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.
Install updates from vendor's website.
Red Hat Enterprise Linux for Power, little endian: 7
Red Hat Enterprise Linux Server: 7
kpatch-patch-3_10_0-1160_92_1 (Red Hat package): before 1-1.el7
kpatch-patch-3_10_0-1160_90_1 (Red Hat package): before 1-1.el7
kpatch-patch-3_10_0-1160_88_1 (Red Hat package): before 1-1.el7
kpatch-patch-3_10_0-1160_83_1 (Red Hat package): before 1-2.el7
kpatch-patch-3_10_0-1160_81_1 (Red Hat package): before 1-3.el7
External linkshttp://access.redhat.com/errata/RHSA-2023:4215
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.