Stay Connected:

CVE-2022-42895

CVE Details

Release Date:2022-11-03

Description


There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

See more information about CVE-2022-42895 from MITRE CVE dictionary and NIST NVD


CVSS v3.0 metrics


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score: 6.5 Base Metrics: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Access Vector: Adjacent network Attack Complexity: Low
Privileges Required: None User Interaction: None
Scope: Unchanged Confidentiality Impact: High
Integrity Impact: None Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (kernel-uek)ELSA-2023-121092023-02-07
Oracle Linux version 7 (kernel-uek)ELSA-2023-120082023-01-09
Oracle Linux version 7 (kernel-uek)ELSA-2023-121092023-02-07
Oracle Linux version 7 (kernel-uek)ELSA-2023-121172023-02-13
Oracle Linux version 7 (kernel-uek-container)ELSA-2023-120092023-01-09
Oracle Linux version 7 (kernel-uek-container)ELSA-2023-121182023-02-14
Oracle Linux version 8 (kernel)ELSA-2023-70772023-11-17
Oracle Linux version 8 (kernel-uek)ELSA-2023-120082023-01-09
Oracle Linux version 8 (kernel-uek)ELSA-2023-120172023-01-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2023-120092023-01-09
Oracle Linux version 8 (kernel-uek-container)ELSA-2023-120182023-01-12
Oracle Linux version 9 (kernel)ELSA-2023-65832023-11-12
Oracle Linux version 9 (kernel-uek)ELSA-2023-120172023-01-12



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights