Ubuntu update for linux-oem-5.17



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-42896
CWE-ID CWE-416
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-5.17.0-1025-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-22.04a (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use-after-free

EUVDB-ID: #VU69795

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-42896

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_connect() and l2cap_le_connect_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can trigger a use-after-free error and execute arbitrary code on the system.


Mitigation

Update the affected package linux-oem-5.17 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-5.17.0-1025-oem (Ubuntu package): before 5.17.0-1025.26

linux-image-oem-22.04a (Ubuntu package): before 5.17.0.1025.23

linux-image-oem-22.04 (Ubuntu package): before 5.17.0.1025.23

CPE2.3 External links

https://ubuntu.com/security/notices/USN-5783-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###