[UBUNTU OEM-6.0 0/1] CVE-2022-42896
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Jan 27 19:05:49 UTC 2023
[Impact]
There are use-after-free vulnerabilities in the Linux kernel net/bluetooth/
l2cap_core.c l2cap_connect and l2cap_le_connect_req functions which may allow
code execution and leaking kernel memory (respectively) remotely via Bluetooth.
A remote attacker could execute code leaking kernel memory via Bluetooth if
within proximity of the victim.
[Fix]
Two patches are necessary to fix this, but one is already applied to
linux-oem-6.0. Other kernels already got the two fixes, when appropriate.
[Potential regression]
Bluetooth connections might fail.
Luiz Augusto von Dentz (1):
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
net/bluetooth/l2cap_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.34.1
More information about the kernel-team
mailing list