CVE-2022-42896

Info Leak in l2cap_core in the Linux Kernel

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

Existen vulnerabilidades de use-after-free en las funciones l2cap_connect y l2cap_le_connect_req del kernel de Linux net/bluetooth/l2cap_core.c que pueden permitir la ejecución de código y la pérdida de memoria del kernel (respectivamente) de forma remota a través de Bluetooth. Un atacante remoto podría ejecutar código que filtre la memoria del kernel a través de Bluetooth si se encuentra cerca de la víctima. Recomendamos actualizar al commit anterior https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-12 CVE Reserved
2022-11-23 CVE Published
2023-04-05 First Exploit
2024-08-03 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-416: Use After Free

CAPEC

CAPEC-253: Remote Code Inclusion

References (7)

URL	Tag	Source

URL	Date	SRC
https://github.com/Satheesh575555/linux-4.19.72_CVE-2022-42896	2023-04-05
https://github.com/hshivhare67/kernel_v4.19.72_CVE-2022-42896_old	2023-04-06
https://github.com/Trinadh465/linux-4.19.72_CVE-2022-42896	2023-04-05

URL	Date	SRC
https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4	2023-11-07
https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4	2023-11-07

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-42896	2024-04-10
https://bugzilla.redhat.com/show_bug.cgi?id=2147364	2024-04-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.335 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.335"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.14.301 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.301"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.268"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.226 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.226"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.154"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.78"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.16 < 6.0.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.16 < 6.0.8"		-		Affected