{"id":"CVE-2022-42896","details":"There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit   https://www.google.com/url  https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n","modified":"2026-03-13T06:01:29.821515Z","published":"2022-11-23T15:15:10.723Z","related":["ALSA-2023:2148","ALSA-2023:2458","ALSA-2023:4517","ALSA-2023:4541","MGASA-2022-0442","MGASA-2022-0443","SUSE-SU-2022:4503-1","SUSE-SU-2022:4504-1","SUSE-SU-2022:4505-1","SUSE-SU-2022:4566-1","SUSE-SU-2022:4573-1","SUSE-SU-2022:4574-1","SUSE-SU-2022:4585-1","SUSE-SU-2022:4589-1","SUSE-SU-2022:4613-1","SUSE-SU-2022:4614-1","SUSE-SU-2022:4615-1","SUSE-SU-2022:4616-1","SUSE-SU-2022:4617-1","SUSE-SU-2023:0420-1"],"references":[{"type":"FIX","url":"https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4"},{"type":"FIX","url":"https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.335"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.301"}]},{"events":[{"introduced":"4.15"},{"fixed":"4.19.268"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.226"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.154"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.78"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.0.8"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-42896.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}