CVE-2022-3564
Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
Se ha encontrado una vulnerabilidad clasificada como crítica en el Kernel de Linux. Esta vulnerabilidad afecta a la función l2cap_reassemble_sdu del archivo net/bluetooth/l2cap_core.c del componente Bluetooth. La manipulación conlleva a un uso de memoria previamente liberada. Es recomendado aplicar un parche para corregir este problema. El identificador asociado a esta vulnerabilidad es VDB-211087
A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the video4linux driver for Empia based TV cards in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-17 CVE Reserved
- 2022-10-17 CVE Published
- 2023-09-14 First Exploit
- 2024-08-03 CVE Updated
- 2025-03-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20221223-0001 | Third Party Advisory |
|
| https://vuldb.com/?id.211087 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/Trinadh465/linux-4.1.15_CVE-2022-3564 | 2023-09-14 |
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-3564 | 2023-07-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150999 | 2023-07-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.6 < 4.9.333 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 4.9.333" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.299 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.299" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.265 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.265" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.224" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5.0 < 5.10.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5.0 < 5.10.154" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.15.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.78" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.16 < 6.0.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.0.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||