Stay Connected:

CVE-2022-42895

CVE Details

Release Date:2022-11-03
Impact:Moderate What is this?

Description


There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

See more information about CVE-2022-42895 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 6.5
Vector String: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.0
Attack Vector: Adjacent_Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (kernel-uek)ELSA-2023-121092023-02-07
Oracle Linux version 7 (kernel-uek)ELSA-2023-120082023-01-09
Oracle Linux version 7 (kernel-uek)ELSA-2023-121092023-02-07
Oracle Linux version 7 (kernel-uek)ELSA-2023-121172023-02-13
Oracle Linux version 7 (kernel-uek-container)ELSA-2023-120092023-01-09
Oracle Linux version 7 (kernel-uek-container)ELSA-2023-121182023-02-14
Oracle Linux version 8 (kernel)ELSA-2023-70772023-11-17
Oracle Linux version 8 (kernel-uek)ELSA-2023-120082023-01-09
Oracle Linux version 8 (kernel-uek)ELSA-2023-120172023-01-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2023-120092023-01-09
Oracle Linux version 8 (kernel-uek-container)ELSA-2023-120182023-01-12
Oracle Linux version 9 (kernel)ELSA-2023-65832023-11-12
Oracle Linux version 9 (kernel-uek)ELSA-2023-120172023-01-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights