README.md | Loading last commit info... | |
cve-2022-42895.c | ||
cve-2022-42896_read.c | ||
cve-2022-42896_write.c |
CVE-2022-42895
Kernel (Linux) > v3.0.0
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c
's l2cap_parse_conf_req
function which can be used to leak kernel pointers remotely.
The bug was introduced in commit 42dceae (version: 3.0.0, date: 2011-Oct-17).
Severity
Moderate - The leak in Bluetooth L2CAP handling can be used to leak kernel pointers remotely.
CVE-2022-42896 R / W
Kernel (Linux) > v3.16.0
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c
's l2cap_connect
and l2cap_le_connect_req
functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.
The l2cap_le_connect_req
bug was introduced in commit 27e2d4c (version: 3.12.0, date: 2013-Dec-05), the SMP channel is available since commit 70db83c (version: 3.16.0, date: 2014-Aug-14).
Severity
Moderate