CVE-2022-3640
MEDIUMLinux Kernel 4.9.326-4.9.333 - Use-After-Free in Bluetooth L2CAP Connection Deletion
Title source: llmDescription
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.
References (7)
Core 7
Core References
Exploit, Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
Third Party Advisory
https://vuldb.com/?id.211944
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
6.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-119
CWE-416
Status
published
Products (5)
debian/debian_linux
10.0
fedoraproject/fedora
35
fedoraproject/fedora
36
fedoraproject/fedora
37
linux/linux_kernel
4.9.326 - 4.9.333
Published
Oct 21, 2022
Tracked Since
Feb 18, 2026