CVE-2022-3564

CWE-119 — Buffer Overflow CWE-362 — Race Condition CWE-416 — Use After Free21 documents7 sources

Severity

7.1HIGH

EPSS

0.1%

top 74.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Linux Kernel Debian Debian Linux

Timeline

PublishedOct 17

Latest updateJan 5

Description

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages3 packages

▶NVDlinux/linux_kernel3.6 — 4.9.333+6

▶CVEListV5linux/kerneln/a

▶Debianlinux< 5.10.158-1+3

Also affects: Debian Linux 10.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

linux-gke vulnerabilities↗2022-12-02

▶

GHSA

GHSA-hjfq-c3jw-r92p: A vulnerability classified as critical was found in Linux Kernel↗2022-10-18

▶

OSV

CVE-2022-3564: A vulnerability classified as critical was found in Linux Kernel↗2022-10-17

▶

CVEList

Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free↗2022-10-17

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OEM) vulnerabilities↗2023-01-05

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2022-12-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-12

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2022-12-12

▶