CVE-2022-3563

CWE-404 CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

5.7MEDIUM

EPSS

0.0%

top 92.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bluez Bluez Linux Kernel

Timeline

PublishedOct 17

Latest updateDec 11

Description

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5linux/kerneln/a

▶NVDbluez/bluez< 5.65

▶Debianbluez< 5.65-1+2

▶Ubuntubluez< 5.53-0ubuntu3.8+3

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

keystone vulnerabilities↗2025-12-11

▶

OSV

bluez vulnerabilities↗2024-06-05

▶

GHSA

GHSA-h7mh-ffww-7v4w: A vulnerability classified as problematic has been found in Linux Kernel↗2022-10-18

▶

OSV

CVE-2022-3563: A vulnerability classified as problematic has been found in Linux Kernel↗2022-10-17

▶

CVEList

Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference↗2022-10-17

▶

📋Vendor Advisories

Ubuntu

BlueZ vulnerabilities↗2024-06-05

▶

Microsoft

Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference↗2022-10-11

▶

Red Hat

bluez: NULL pointer dereference in read_50_controller_cap_complete() in tools/mgmt-tester.c↗2022-06-23

▶

Debian

CVE-2022-3563: bluez - A vulnerability classified as problematic has been found in Linux Kernel. Affect...↗2022

▶