CVE-2022-42895

Public on 2022-11-23
Modified on 2024-03-11
Description
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
Severity
Medium severity
Medium
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel Not Affected
Amazon Linux 2 - Kernel-5.10 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.15 Extra kernel Not Affected
Amazon Linux 2 - Kernel-5.4 Extra kernel Not Affected
Amazon Linux 2 - Core kernel 2022-12-01 ALAS2-2022-1888 Fixed
Amazon Linux 2023 kernel Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Red Hat: CVE-2022-42895 Mitre: CVE-2022-42895