← back
CVE-2022-42895

Info Leak in l2cap_core in the Linux Kernel

CVSS 5.1 MEDIUMEPSS 0.4%CWE-824
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Linux · Linux Kernel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2ehttps://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e