Bug 2139610 (CVE-2022-3640) - CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
Summary: CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-3640
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2139614 2139615 2139616 2139617 2139618 2140026
Blocks: 2137103
TreeView+ depends on / blocked
 
Reported: 2022-11-03 05:27 UTC by Rohit Keshri
Modified: 2024-04-30 16:59 UTC (History)
50 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A vulnerability was found in the Linux Kernel in the l2cap_conn_del in net/bluetooth/l2cap_core.c function in the Bluetooth component. This issue leads to a use-after-free problem.
Clone Of:
Environment:
Last Closed: 2023-05-09 17:15:05 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:25:09 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:38:39 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:03:58 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:21 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:26 UTC
Red Hat Product Errata RHSA-2023:2148 0 None None None 2023-05-09 07:12:16 UTC
Red Hat Product Errata RHSA-2023:2458 0 None None None 2023-05-09 07:51:55 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:14:41 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:18 UTC
Red Hat Product Errata RHSA-2024:1877 0 None None None 2024-04-18 02:29:34 UTC
Red Hat Product Errata RHSA-2024:2621 0 None None None 2024-04-30 16:59:20 UTC

Description Rohit Keshri 2022-11-03 05:27:52 UTC
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.

https://vuldb.com/?id.211944
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979

Comment 1 Rohit Keshri 2022-11-03 05:45:16 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2139614]

Comment 8 errata-xmlrpc 2023-05-09 07:12:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2148 https://access.redhat.com/errata/RHSA-2023:2148

Comment 9 errata-xmlrpc 2023-05-09 07:51:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2458 https://access.redhat.com/errata/RHSA-2023:2458

Comment 10 Product Security DevOps Team 2023-05-09 17:15:00 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3640

Comment 11 errata-xmlrpc 2023-11-14 15:14:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 12 errata-xmlrpc 2023-11-14 15:20:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Comment 15 errata-xmlrpc 2024-04-18 02:29:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1877 https://access.redhat.com/errata/RHSA-2024:1877

Comment 17 errata-xmlrpc 2024-04-30 16:59:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:2621 https://access.redhat.com/errata/RHSA-2024:2621


Note You need to log in before you can comment on or make changes to this bug.