PT-2024-11818 · Linux+6 · Linux Kernel+6
Luiz Augusto Von Dentz +1 · Published 2022-12-02 · Updated 2025-09-29 · CVE-2022-48947
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.1.0-rc2
Description
The issue is a Bluetooth vulnerability in the Linux kernel: an overflow in the L2CAP protocol. By continuously sending L2CAP_CONF_REQ packets, an attacker can cause the chan->num_conf_rsp variable to increase multiple times, eventually wrapping around the maximum number, which is 255. This is prevented by adding a boundary check with L2CAP_MAX_CONF_RSP. The vulnerability can be exploited by sending packets with invalid sizes.
Recommendations
To resolve the issue, update the Linux kernel to version 6.1.0-rc2 or later. As a temporary workaround, consider disabling Bluetooth functionality until a patch is available. Restrict access to the L2CAP protocol to minimize the risk of exploitation. Avoid using the L2CAP_CONF_REQ packet type in the affected API endpoint until the issue is resolved.
Exploit
Fix
DoS
Buffer Overflow
Integer Overflow
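The counter wrap-around from the description and the boundary check that stops it, as an added example that is not the kernel's code or part of the original entry: a user-space model that keeps only the 8-bit counter. The struct, the function names and the value 2 for L2CAP_MAX_CONF_RSP are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed value for this model; the page names the constant, not its value. */
#define L2CAP_MAX_CONF_RSP 2

/* Stand-in for the channel state: only the 8-bit counter is modelled. */
struct chan_model { uint8_t num_conf_rsp; };

/* Behaviour before the fix: every request bumps the counter, 255 + 1 wraps to 0. */
static void conf_req_unchecked(struct chan_model *chan)
{
    chan->num_conf_rsp++;
}

/* Behaviour after the fix: stop counting once the boundary is reached. */
static void conf_req_checked(struct chan_model *chan)
{
    if (chan->num_conf_rsp < L2CAP_MAX_CONF_RSP)
        chan->num_conf_rsp++;
}

/* Feed n requests through one handler and return the final counter value. */
static unsigned final_count(unsigned n, int checked)
{
    struct chan_model chan = { 0 };
    for (unsigned i = 0; i < n; i++)
        checked ? conf_req_checked(&chan) : conf_req_unchecked(&chan);
    return chan.num_conf_rsp;
}

/* Hypothetical consumer: count how often the counter reads below the limit
 * when a request arrives. After a wrap it looks like a fresh channel again. */
static unsigned below_limit_hits(unsigned n, int checked)
{
    struct chan_model chan = { 0 };
    unsigned hits = 0;
    for (unsigned i = 0; i < n; i++) {
        hits += chan.num_conf_rsp < L2CAP_MAX_CONF_RSP;
        checked ? conf_req_checked(&chan) : conf_req_unchecked(&chan);
    }
    return hits;
}

int main(void)
{
    printf("final counter after 256 requests: unchecked=%u checked=%u\n",
           final_count(256, 0), final_count(256, 1));
    printf("below-limit reads over 600 requests: unchecked=%u checked=%u\n",
           below_limit_hits(600, 0), below_limit_hits(600, 1));
}
```

With the check in place the counter saturates at the limit, so a long run of requests can no longer return it to a low value.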
Related Identifiers
Affected Products
ALT Linux
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
SUSE