Bug 2147364 (CVE-2022-42896) - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
Summary: CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_r...
Status: NEW
Alias: CVE-2022-42896
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2148402 2148403 2148404 2148405 2176640 2176643 2176644 2176645 2176646 2176647 2176648 2176650 2176651 2176653 2176654 2176655 2176656 2176657 2176659 2176661 2176662 2176663 2176664 2176665 2176666 2176668 2176669 2176671 2176672 2176673 2176674 2176675 2176676 2176678 2148401 2176641 2176649 2176660 2176667 2176677 2176679
Blocks: 2142956
TreeView+ depends on / blocked
Reported: 2022-11-23 19:24 UTC by Pedro Sampaio
Modified: 2023-03-08 22:14 UTC (History)
40 users (show)

Fixed In Version: kernel 6.1-rc4
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Pedro Sampaio 2022-11-23 19:24:35 UTC
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.



Comment 1 Mauro Matteo Cascella 2022-11-25 11:14:31 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2148401]

Comment 3 Justin M. Forbes 2022-11-30 21:16:15 UTC
This was fixed for Fedora with the 6.0.8 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.