crash.software
Projects
Pull Requests
Issues
Builds
CVE-2022-42895-42896_LinuxKernel-L2CAP
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY CVE-2022-42895-42896_LinuxKernel-L2CAP Files
🤬
master
ROOT /
Enable build support by adding .buildspec.yml
README.md Loading last commit info...
cve-2022-42895.c
cve-2022-42896_read.c
cve-2022-42896_write.c
README.md

CVE-2022-42895

Kernel (Linux) > v3.0.0

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.

The bug was introduced in commit 42dceae (version: 3.0.0, date: 2011-Oct-17).

Severity

Moderate - The leak in Bluetooth L2CAP handling can be used to leak kernel pointers remotely.

CVE-2022-42896 R / W

Kernel (Linux) > v3.16.0

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.

The l2cap_le_connect_req bug was introduced in commit 27e2d4c (version: 3.12.0, date: 2013-Dec-05), the SMP channel is available since commit 70db83c (version: 3.16.0, date: 2014-Aug-14).

Severity

Moderate

Please wait...
Page is in error, reload to recover