Описание
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
Отчет
This issue is rated between Moderate and Important (similar to the CVE-2022-45934) because of no known attack, and the attack would be complex. Anyway, consider this CVE-2022-3564 as Important because the use-after-free can potentially lead to privilege escalation or a potential remote system crash (and currently, a read after-free that in most cases would not lead to a remote system crash).
Меры по смягчению последствий
To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931. Alternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2023:4150 | 18.07.2023 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2023:4151 | 18.07.2023 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2023:4215 | 19.07.2023 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2023:4020 | 11.07.2023 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2023:4021 | 11.07.2023 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | kernel | Fixed | RHSA-2023:3277 | 23.05.2023 |
| Red Hat Enterprise Linux 7.7 Telco Extended Update Support | kernel | Fixed | RHSA-2023:3277 | 23.05.2023 |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | kernel | Fixed | RHSA-2023:3277 | 23.05.2023 |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | kpatch-patch | Fixed | RHSA-2023:3278 | 23.05.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.1 High
CVSS3
Связанные уязвимости
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
A vulnerability classified as critical was found in Linux Kernel. Affe ...
Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)
EPSS
7.1 High
CVSS3