Bug 2150953 (CVE-2022-3565) - CVE-2022-3565 kernel: use-after-free in l1oip timer handlers
Summary: CVE-2022-3565 kernel: use-after-free in l1oip timer handlers
Keywords:
Status: NEW
Alias: CVE-2022-3565
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2162419 2162420 2162421 2162422 2150954
Blocks: 2150724
TreeView+ depends on / blocked
 
Reported: 2022-12-05 17:30 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-01-19 14:28 UTC (History)
36 users (show)

Fixed In Version: kernel 6.1-rc1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2022-12-05 17:30:35 UTC
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.

Reference:
https://vuldb.com/?id.211088

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f

Comment 1 Guilherme de Almeida Suckevicz 2022-12-05 17:30:59 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2150954]

Comment 2 Justin M. Forbes 2022-12-08 15:39:44 UTC
While ISDN is disabled in Fedora kernels, a patch for this was included in 6.0.3 for users who might be building their own kernels.


Note You need to log in before you can comment on or make changes to this bug.