CVE-2022-42895

Info Leak in l2cap_core in the Linux Kernel

Description

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

Category

5.1
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.06%
Third-Party Advisory github.com Third-Party Advisory kernel.dance
Affected: Linux Linux Kernel
Published at:
Updated at:

References

Link Tags
https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e third party advisory patch
https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2022-42895?
CVE-2022-42895 has been scored as a medium severity vulnerability.
How to fix CVE-2022-42895?
To fix CVE-2022-42895, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-42895 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-42895 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-42895?
CVE-2022-42895 affects Linux Linux Kernel.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.