PT-2022-6333 · Linux+8 · Linux Kernel+8
Tamás Koczka
·
Published
2022-11-02
·
Updated
2023-11-14
·
CVE-2022-42895
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap core.c's
l2cap parse conf req function, which can be used to leak kernel pointers remotely. This vulnerability is associated with the use of an uninitialized variable efs in the l2cap parse conf req() function.Recommendations
Upgrade past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e to resolve the issue. As a temporary workaround, consider restricting access to the
l2cap parse conf req function in the net/bluetooth/l2cap core.c file until a patch is available.Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu