Bug 2150999 (CVE-2022-3564) - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
Summary: CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/...
Keywords:
Status: NEW
Alias: CVE-2022-3564
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2152921 2152938 2152939 2152941 2153001 2210946 2151000 2152920 2152922 2152923 2152924 2152925 2152926 2152927 2152928 2152929 2152931 2152932 2152933 2152934 2152935 2152936 2152937 2152940 2152942 2152943 2152944 2153000 2153002 2153003 2153004 2153005 2153006 2153007 2160012 2165310
Blocks: 2150891
TreeView+ depends on / blocked
 
Reported: 2022-12-05 19:53 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-06-06 18:01 UTC (History)
45 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:1050 0 None None None 2023-03-02 05:37:44 UTC
Red Hat Product Errata RHBA-2023:1629 0 None None None 2023-04-04 15:16:24 UTC
Red Hat Product Errata RHSA-2023:0856 0 None None None 2023-02-21 10:03:02 UTC
Red Hat Product Errata RHSA-2023:0858 0 None None None 2023-02-21 10:03:32 UTC
Red Hat Product Errata RHSA-2023:0951 0 None None None 2023-02-28 08:18:42 UTC
Red Hat Product Errata RHSA-2023:0979 0 None None None 2023-02-28 09:51:12 UTC
Red Hat Product Errata RHSA-2023:1008 0 None None None 2023-02-28 11:42:39 UTC
Red Hat Product Errata RHSA-2023:1202 0 None None None 2023-03-14 13:53:44 UTC
Red Hat Product Errata RHSA-2023:1203 0 None None None 2023-03-14 13:54:05 UTC
Red Hat Product Errata RHSA-2023:1220 0 None None None 2023-03-14 13:58:15 UTC
Red Hat Product Errata RHSA-2023:1221 0 None None None 2023-03-14 13:58:44 UTC
Red Hat Product Errata RHSA-2023:1251 0 None None None 2023-03-15 09:49:24 UTC
Red Hat Product Errata RHSA-2023:1435 0 None None None 2023-03-23 09:03:36 UTC
Red Hat Product Errata RHSA-2023:1559 0 None None None 2023-04-04 06:55:33 UTC
Red Hat Product Errata RHSA-2023:1560 0 None None None 2023-04-04 06:54:52 UTC
Red Hat Product Errata RHSA-2023:1666 0 None None None 2023-04-05 16:16:38 UTC
Red Hat Product Errata RHSA-2023:2736 0 None None None 2023-05-16 08:05:57 UTC
Red Hat Product Errata RHSA-2023:2951 0 None None None 2023-05-16 08:34:43 UTC
Red Hat Product Errata RHSA-2023:3277 0 None None None 2023-05-23 14:00:45 UTC
Red Hat Product Errata RHSA-2023:3278 0 None None None 2023-05-23 14:00:56 UTC
Red Hat Product Errata RHSA-2023:3388 0 None None None 2023-05-31 15:50:50 UTC
Red Hat Product Errata RHSA-2023:3431 0 None None None 2023-06-05 08:14:30 UTC
Red Hat Product Errata RHSA-2023:3491 0 None None None 2023-06-06 14:11:51 UTC

Description Guilherme de Almeida Suckevicz 2022-12-05 19:53:24 UTC 
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.

Reference:
https://vuldb.com/?id.211087

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1
Comment 1 Guilherme de Almeida Suckevicz 2022-12-05 19:53:46 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2151000]
Comment 2 Justin M. Forbes 2022-12-08 15:53:33 UTC 
This was fixed for Fedora with the 6.0.8 stable kernel updates.
Comment 15 errata-xmlrpc 2023-02-21 10:02:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0856 https://access.redhat.com/errata/RHSA-2023:0856
Comment 16 errata-xmlrpc 2023-02-21 10:03:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0858 https://access.redhat.com/errata/RHSA-2023:0858
Comment 17 errata-xmlrpc 2023-02-28 08:18:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0951 https://access.redhat.com/errata/RHSA-2023:0951
Comment 18 errata-xmlrpc 2023-02-28 09:51:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0979 https://access.redhat.com/errata/RHSA-2023:0979
Comment 19 errata-xmlrpc 2023-02-28 11:42:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:1008 https://access.redhat.com/errata/RHSA-2023:1008
Comment 20 errata-xmlrpc 2023-03-14 13:53:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1202 https://access.redhat.com/errata/RHSA-2023:1202
Comment 21 errata-xmlrpc 2023-03-14 13:54:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1203 https://access.redhat.com/errata/RHSA-2023:1203
Comment 22 errata-xmlrpc 2023-03-14 13:58:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1220 https://access.redhat.com/errata/RHSA-2023:1220
Comment 23 errata-xmlrpc 2023-03-14 13:58:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1221 https://access.redhat.com/errata/RHSA-2023:1221
Comment 24 errata-xmlrpc 2023-03-15 09:49:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:1251 https://access.redhat.com/errata/RHSA-2023:1251
Comment 25 errata-xmlrpc 2023-03-23 09:03:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:1435 https://access.redhat.com/errata/RHSA-2023:1435
Comment 28 errata-xmlrpc 2023-04-04 06:54:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1560 https://access.redhat.com/errata/RHSA-2023:1560
Comment 29 errata-xmlrpc 2023-04-04 06:55:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:1559 https://access.redhat.com/errata/RHSA-2023:1559
Comment 30 errata-xmlrpc 2023-04-05 16:16:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Via RHSA-2023:1666 https://access.redhat.com/errata/RHSA-2023:1666
Comment 31 errata-xmlrpc 2023-05-16 08:05:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2736 https://access.redhat.com/errata/RHSA-2023:2736
Comment 32 errata-xmlrpc 2023-05-16 08:34:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2951 https://access.redhat.com/errata/RHSA-2023:2951
Comment 33 errata-xmlrpc 2023-05-23 14:00:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2023:3277 https://access.redhat.com/errata/RHSA-2023:3277
Comment 34 errata-xmlrpc 2023-05-23 14:00:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2023:3278 https://access.redhat.com/errata/RHSA-2023:3278
Comment 35 errata-xmlrpc 2023-05-31 15:50:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3388 https://access.redhat.com/errata/RHSA-2023:3388
Comment 36 errata-xmlrpc 2023-06-05 08:14:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3431 https://access.redhat.com/errata/RHSA-2023:3431
Comment 37 errata-xmlrpc 2023-06-06 14:11:47 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:3491 https://access.redhat.com/errata/RHSA-2023:3491
Note You need to log in before you can comment on or make changes to this bug.