#VU69795 Use-after-free in Linux kernel


Published: 2022-12-01

Vulnerability identifier: #VU69795

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42896

CWE-ID: CWE-416

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_connect() and l2cap_le_connect_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can trigger a use-after-free error and execute arbitrary code on the system.


Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4
http://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Oracle Linux
Red Hat Enterprise Linux 7.7 Advanced Update Support update for kernel
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kpatch-patch
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7.6 Advanced Update Support update for kernel
Multiple vulnerabilities in Juniper Networks Session Smart Router
Multiple vulnerabilities in Migration Toolkit for Virtualization 2.4
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions update for kpatch-patch