CVE-2022-42895

Published on: Not Yet Published

Last Modified on: 01/23/2023 06:29:00 PM UTC

CVE-2022-42895

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Linux Kernel from Linux contain the following vulnerability:

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

CVE-2022-42895 has been assigned by secu[email protected] to track the vulnerability - currently rated as MEDIUM severity.
Affected Vendor/Software: Linux - Linux Kernel version = 3.0.0

CVSS3 Score: 6.5 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
ADJACENT_NETWORK	LOW	NONE	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	NONE	NONE

CVE References

Description	Tags ^ⓘ	Link
Bluetooth: L2CAP: Fix attempting to access uninitialized memory · torvalds/linux@b1a2cd5 · GitHub	github.com text/html	MISC github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
????????	kernel.dance text/html	MISC kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

160371 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12008)
160372 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12009)
160381 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12017)
160382 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12018)
160447 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12109)
160458 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2023-12117)
160461 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2023-12118)
181401 Debian Security Update for linux (CVE-2022-42895)
181440 Debian Security Update for linux-5.10 (DLA 3244-1)
181565 Debian Security Update for linux (DLA 3245-1)
199076 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5780-1)
199153 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5853-1)
199154 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5858-1)
199156 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5859-1)
199159 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5851-1)
199160 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5860-1)
199166 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5850-1)
199177 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5876-1)
199178 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5874-1)
199179 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5877-1)
199180 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5875-1)
199181 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5878-1)
199183 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5879-1)
199204 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5909-1)
199213 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-5918-1)
199214 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5920-1)
199217 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5925-1)
199218 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5927-1)
199502 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5975-1)
199541 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5924-1)
199555 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5926-1)
199566 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6007-1)
199567 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5883-1)
199581 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5919-1)
199590 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-5884-1)
377891 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0002)
378043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0011)
378468 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)
378512 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)
672532 EulerOS Security Update for kernel (EulerOS-SA-2023-1126)
672564 EulerOS Security Update for kernel (EulerOS-SA-2023-1102)
753014 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4505-1)
753020 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4585-1)
753034 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4504-1)
753038 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4573-1)
753039 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4574-1)
753045 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4503-1)
753047 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4566-1)
753051 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4589-1)
753060 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4615-1)
753061 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4616-1)
753062 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4613-1)
753063 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	-	All	All	All

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@sidfm_jp	Linux Kernel の Bluetooth L2CAP の処理にサービスを妨害される複数の問題 (CVE-2022-42895, CVE-202 [44034] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報	2022-11-14 08:00:09
@top5cve	✨ Top 5 CVE last 24h on Twitter 1. CVE-2022-42895 : 3 twitter.com/twitter/status… 2. CVE-2022-3889 : 0… twitter.com/i/web/status/1…	2022-11-15 22:28:38
@top5cve	✨ Top 5 CVE last 24h on Twitter 1. CVE-2022-42895 : 3 twitter.com/twitter/status… 2. CVE-2022-3886 : 0… twitter.com/i/web/status/1…	2022-11-15 22:29:00
@top5cve	✨ Top 2 CVE last 12h 1. CVE-2022-42895 : 3 twitter.com/twitter/status… 2. CVE-2022-3307 : 0 twitter.com/twitter/status… twitter.com/15925786292586…	2022-11-16 09:27:58
@CVEreport	CVE-2022-42895 : There is an infoleak vulnerability in the #Linux #kernel's net/bluetooth/l2cap_core.c's l2cap_pars… twitter.com/i/web/status/1…	2022-11-23 15:05:16
/r/netcve	CVE-2022-42895	2022-11-23 15:38:29