CVE-2022-45934

HIGH

Linux Kernel < 4.9.337 - Integer Overflow

Title source: rule

Description

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Exploits (3)

nomisec WORKING POC

by Satheesh575555 · poc

https://github.com/Satheesh575555/linux-4.1.15_CVE-2022-45934

View Code ZIP pw:eip

nomisec WORKING POC

by Trinadh465 · poc

https://github.com/Trinadh465/linux-4.1.15_CVE-2022-45934

View Code ZIP pw:eip

nomisec WRITEUP

by Trinadh465 · poc

https://github.com/Trinadh465/linux-4.19.72_CVE-2022-45934

View Code ZIP pw:eip

References (6)

Core 6

Core References

Mailing List, Patch, Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230113-0008/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/

Third Party Advisory vendor-advisory

https://www.debian.org/security/2023/dsa-5324

Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html

Mailing List mailing-list

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Scores

CVSS v3 7.8

EPSS 0.0041

EPSS Percentile 61.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (8)

debian/debian_linux 11.0

fedoraproject/fedora 37

linux/linux_kernel 2.6.32 - 4.9.337

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

Published Nov 27, 2022

Tracked Since Feb 18, 2026