Tamás Koczka

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The Linux kernel has use-after-free vulnerabilities in the net/bluetooth/l2cap core.c's `l2cap connect` and `l2cap le connect req` functions. These vulnerabilities may allow code execution and leaking kernel memory remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. **Recommendations** Upgrade past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 to resolve the issue. As a temporary workaround, consider disabling the `l2cap connect` and `l2cap le connect req` functions until a patch is available. Restrict access to the net/bluetooth/l2cap core.c module to minimize the risk of exploitation. Avoid using Bluetooth connectivity in affected systems until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap core.c's `l2cap parse conf req` function, which can be used to leak kernel pointers remotely. This vulnerability is associated with the use of an uninitialized variable `efs` in the `l2cap parse conf req()` function. **Recommendations** Upgrade past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e to resolve the issue. As a temporary workaround, consider restricting access to the `l2cap parse conf req` function in the net/bluetooth/l2cap core.c file until a patch is available.