CVE-2022-42896
Public on 2022-11-23
Modified on 2024-03-11
Description
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.15 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | Not Affected | ||
| Amazon Linux 2 - Core | kernel | 2022-12-09 | ALAS2-2022-1903 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.8 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
| NVD | CVSSv3 | 8.0 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N |