CVE-2022-3640

Severity: 8.8 HIGH
EPSS: 0.0% (top 91.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Oct 21
Latest update: Jul 8

Description

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.1 | Impact: 3.4

Affected Packages (8 packages)

NVD | linux/linux_kernel | 4.9.326 4.9.333 | +6
CVEListV5 | linux/kernel | n/a
Debian | linux | < 5.10.158-1 | +3
Ubuntu | linux | < 4.4.0-270.304
Ubuntu | linux-aws | < 4.4.0-1145.151 | +1

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

Patches

Vulnerability Details (9)

OSV: linux-kvm vulnerabilities (2025-07-08)
OSV: linux, linux-aws, linux-lts-xenial vulnerabilities (2025-07-01)
OSV: linux-fips vulnerabilities (2025-07-01)
OSV: linux-azure-fde vulnerabilities (2023-03-02)
OSV: linux-aws-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-oracle-5.4 vulnerabilities (2023-02-15)

Vendor Advisories (24)

Ubuntu: Linux kernel (KVM) vulnerabilities (2025-07-08)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2025-07-01)
Ubuntu: Linux kernel vulnerabilities (2025-07-01)
Ubuntu: Linux kernel (GCP) vulnerabilities (2023-04-11)
Ubuntu: Linux kernel vulnerabilities (2023-03-27)