CVE-2022-42895
Published: November 23, 2022Last modified: August 23, 2024
Description
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack Vector | ADJACENT_NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
User interaction | NONE |
Scope | UNCHANGED |
Confidentiality | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Status
Product | Release | Package | Status |
---|---|---|---|
Alpaquita Linux | Stream | linux-lts | Not affected (6.1.33-r0) |