Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2022-42896
HistoryNov 23, 2022 - 7:26 p.m.

CVE-2022-42896

2022-11-2319:26:11
redhat.com
access.redhat.com
31
linux kernel
l2cap
bluetooth stack
code execution
physical access
bluetooth range
mitigation
modprobe rules
hardware disablement
bios disablement

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.3%

JSON

A use-after-free flaw was found in the Linux kernel’s implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.

Mitigation

This flaw can be mitigated by disabling Bluetooth on the operating system level. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. For instructions on how to disable Bluetooth on RHEL please refer to <https://access.redhat.com/solutions/2682931&gt;.

Alternatively Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.

Related

nessus 65
redhat 19
prion 1
veracode 1
ubuntucve 1
githubexploit 6
cvelist 1
nvd 1
openvas 29
ubuntu 23
osv 25
debiancve 1
cve 1
oraclelinux 9
amazon 2
photon 3
ibm 1
centos 1
rocky 2
almalinux 2
cloudlinux 2
rosalinux 1
mageia 2
nessus
nessus
RHEL 8 : kernel-rt (RHSA-2023:3462)
2023-06-06 00:00:00
RHEL 8 : kernel (RHSA-2023:3461)
2023-06-06 00:00:00
RHEL 8 : kpatch-patch (RHSA-2023:3517)
2023-06-06 00:00:00
redhat
redhat
(RHSA-2023:3461) Important: kernel security and bug fix update
2023-06-06 07:52:06
(RHSA-2023:3462) Important: kernel-rt security and bug fix update
2023-06-06 07:52:09
(RHSA-2023:4230) Important: kpatch-patch security update
2023-07-20 07:23:00
prion
prion
Design/Logic Flaw
2022-11-23 15:15:00
veracode
veracode
Use-After-Free
2023-01-17 17:03:57
ubuntucve
ubuntucve
CVE-2022-42896
2022-11-23 00:00:00
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2023-04-05 07:51:32
Exploit for Use After Free in Linux Linux Kernel
2023-04-03 11:30:26
Exploit for Use After Free in Linux Linux Kernel
2023-04-05 05:33:09
cvelist
cvelist
CVE-2022-42896 Info Leak in l2cap_core in the Linux Kernel
2022-11-23 14:11:56
nvd
nvd
CVE-2022-42896
2022-11-23 15:15:10
openvas
openvas
Ubuntu: Security Advisory (USN-5783-1)
2022-12-19 00:00:00
Ubuntu: Security Advisory (USN-5809-1)
2023-01-18 00:00:00
Ubuntu: Security Advisory (USN-5863-1)
2023-02-10 00:00:00
ubuntu
ubuntu
Linux kernel (OEM) vulnerability
2022-12-16 00:00:00
Kernel Live Patch Security Notice
2023-03-07 00:00:00
Linux kernel (OEM) vulnerabilities
2023-01-17 00:00:00
osv
osv
linux-oem-5.17 vulnerability
2022-12-16 17:34:19
linux-oem-5.14 vulnerabilities
2023-01-17 18:10:42
linux-azure vulnerabilities
2023-02-09 23:17:58
debiancve
debiancve
CVE-2022-42896
2022-11-23 15:15:10
cve
cve
CVE-2022-42896
2022-11-23 15:15:10
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2023-02-14 00:00:00
Unbreakable Enterprise kernel security update
2023-02-14 00:00:00
Unbreakable Enterprise kernel-container security update
2023-01-12 00:00:00
amazon
amazon
Important: kernel
2022-12-09 20:58:00
Important: kernel
2022-12-09 20:58:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0299
2022-12-15 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0504
2022-12-17 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0299
2022-12-15 00:00:00
ibm
ibm
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
2024-07-08 17:51:46
centos
centos
bpftool, kernel, perf, python security update
2024-03-25 15:37:48
rocky
rocky
kernel-rt security and bug fix update
2023-10-14 02:07:34
kernel security and bug fix update
2023-10-06 23:10:01
almalinux
almalinux
Important: kernel-rt security and bug fix update
2023-08-08 00:00:00
Important: kernel security and bug fix update
2023-08-08 00:00:00
cloudlinux
cloudlinux
kernel: Fix of 13 CVEs
2024-01-17 12:32:48
kernel: Fix of 13 CVEs
2024-01-17 12:28:37
rosalinux
rosalinux
Advisory ROSA-SA-2023-2189
2023-07-11 14:30:55
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-11-27 23:51:49
Updated kernel packages fix security vulnerabilities
2022-11-27 23:51:49

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

51.3%

JSON
Related for RH:CVE-2022-42896
nessus65redhat19prion1veracode1ubuntucve1githubexploit6cvelist1nvd1openvas29ubuntu23osv25debiancve1cve1oraclelinux9amazon2photon3ibm1centos1rocky2almalinux2cloudlinux2rosalinux1mageia2