Use After Free in Linux Kernel
CVE-2022-42896
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A…
Vulnerability class: Use-After-Free
EPSS: 0.004 (62.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N.
Affected products
- Linux Kernel — versions 3.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
- himanshu667/kernel_v4.19.72_CVE-2022-42896
- Trinadh465/linux-4.19.72_CVE-2022-42896
- Satheesh575555/linux-4.19.72_CVE-2022-42896
- Trinadh465/linux-4.19.72_
- aywengo/httpbin-k8s-deployment
- hshivhare67/kernel_
- kdn111/linux-kernel-exploitation
- khanhdn111/linux-kernel-exploitation
- khanhdz-06/linux-kernel-exploitation
- khanhdz191/linux-kernel-exploitation
References
Frequently asked questions
- What is CVE-2022-42896?
- CVE-2022-42896 is a high-severity vulnerability in Linux Kernel, classified under Use After Free. CVSS score: 8.0/10. Published 2022-11-23.
- How severe is CVE-2022-42896?
- High severity. CVSS v3 base score is 8.0 out of 10.
- Is CVE-2022-42896 known to be exploited?
- 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.