Main Vulnerability Database Vulnerabilities #VU69709

#VU69709 Buffer overflow in Linux kernel - CVE-2022-3565

Published: November 29, 2022

Vulnerability identifier: #VU69709

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-3565

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the del_timer() function in drivers/isdn/mISDN/l1oip_core.c in the Bluetooth component. An attacker with physical proximity to device can trigger memory corruption and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f