UBUNTU-CVE-2022-42895

Description

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

• ubuntu•linux

  all | < 4.4.0-237.271 | < 4.15.0-206.217 | < 5.4.0-139.156 | < 5.15.0-60.66

• ubuntu•linux-aws

  < 4.4.0-1116.122 | < 4.4.0-1154.169 | < 4.15.0-1151.164 | < 5.4.0-1096.104 | < 5.15.0-1030.34

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1030.34~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1096.104~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2090.96 | all | < 5.4.0-1096.104+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1151.164~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1162.177~14.04.1 | < 4.15.0-1162.177~16.04.1 | all | < 5.4.0-1103.109 | < 5.15.0-1033.40

• ubuntu•linux-azure-4.15

  < 4.15.0-1162.177

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1033.40~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1103.109~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  < 5.15.0-1033.40.1

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2071.77 | all | < 5.4.0-1103.109+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1014.16 | < 5.4.0-1058.64 | < 5.15.0-1014.16 | all

• ubuntu•linux-dell300x

  < 4.15.0-1061.66

• ubuntu•linux-fips

  < 4.4.0-1086.93 | all | < 4.15.0-1108.119 | < 5.4.0-1072.81

• ubuntu•linux-gcp

  < 4.15.0-1146.162~16.04.1 | all | < 5.4.0-1100.109 | < 5.15.0-1029.36

• ubuntu•linux-gcp-4.15

  < 4.15.0-1146.162

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1029.36~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1100.109~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2055.60 | all | < 5.4.0-1100.109+fips1

• ubuntu•linux-gke

  < 5.4.0-1094.101 | < 5.15.0-1027.32

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1027.32~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1064.68 | < 5.15.0-1015.19

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1015.19~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-206.217~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-60.66~20.04.1

• ubuntu•linux-hwe-5.19

  < 5.19.0-32.33~22.04.1

Showing first 50 affected entries in server-rendered view.

References (29)

• https://ubuntu.com/security/CVE-2022-42895
• https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e
• https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
• https://ubuntu.com/security/notices/USN-5780-1
• https://ubuntu.com/security/notices/USN-5850-1
• https://ubuntu.com/security/notices/USN-5851-1
• https://ubuntu.com/security/notices/USN-5853-1
• https://ubuntu.com/security/notices/USN-5858-1
• https://ubuntu.com/security/notices/USN-5859-1
• https://ubuntu.com/security/notices/USN-5860-1
• https://ubuntu.com/security/notices/USN-5874-1
• https://ubuntu.com/security/notices/USN-5875-1
• https://ubuntu.com/security/notices/USN-5876-1
• https://ubuntu.com/security/notices/USN-5877-1
• https://ubuntu.com/security/notices/USN-5878-1
• https://ubuntu.com/security/notices/USN-5879-1
• https://ubuntu.com/security/notices/USN-5883-1
• https://ubuntu.com/security/notices/USN-5884-1
• https://ubuntu.com/security/notices/USN-5909-1
• https://ubuntu.com/security/notices/USN-5918-1
• https://ubuntu.com/security/notices/USN-5919-1
• https://ubuntu.com/security/notices/USN-5920-1
• https://ubuntu.com/security/notices/USN-5924-1
• https://ubuntu.com/security/notices/USN-5925-1
• https://ubuntu.com/security/notices/USN-5926-1
• https://ubuntu.com/security/notices/USN-5927-1
• https://ubuntu.com/security/notices/USN-5975-1
• https://ubuntu.com/security/notices/USN-6007-1
• https://www.cve.org/CVERecord?id=CVE-2022-42895