Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-3564 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
CentOS Operating systems & Components / Operating system |
Vendor | CentOS Project |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU69799
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3564
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.
Update the affected packages.
Vulnerable software versionsCentOS: 7
External linkshttp://lists.centos.org/pipermail/centos-announce/2023-August/086418.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.