CVE-2022-3640

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.

Published: Oct 21, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-3640
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-119
CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	4.9.326	4.9.333
linux / linux_kernel	4.14.291	4.14.299
linux / linux_kernel	4.19.255	4.19.265
linux / linux_kernel	5.4.209	5.4.224
linux / linux_kernel	5.10.135	5.10.154
linux / linux_kernel	5.15.59	5.15.79
linux / linux_kernel	5.18.16	6.0.8
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
fedoraproject / fedora	37	37.x
debian / debian_linux	10.0	10.0.x

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/
https://vuldb.com/?id.211944

Vulnerability Database

289,599

CVE-2022-3640