CVE-2022-3565

Description

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.6CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.03%• Percentile: 7%

Techniques & Countermeasures

• CWE-662•Improper Synchronization

  The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Affected Systems

• Unknown•Kernel

  n/a

• linux•linux_kernel

  ≥ 2.6.27, < 4.9.331 | ≥ 4.10, < 4.14.296 | ≥ 4.15, < 4.19.262 | ≥ 4.20, < 5.4.220 | ≥ 5.5, < 5.10.150 | ≥ 5.11, < 5.15.75 | ≥ 5.16, < 5.19.17 | ≥ 6.0, < 6.0.3

References (4)

• https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f
• https://vuldb.com/?id.211088
• https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html
• https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html