CVE-2022-48947

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-48947
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this by adding a boundary check with L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Note: Linux version 6.1.0-rc2 (x86_64) 0.264594 = Note: Bluetooth subsystem version 2.22 0.264636 @ MGMT Open: btmon (privileged) version 1.22 {0x0001} 0.272191 = New Index: 00:00:00:00:00:00 (Primary,Virtual,hci0) [hci0] 13.877604 @ RAW Open: 9496 (privileged) version 2.22 {0x0002} 13.890741 = Open Index: 00:00:00:00:00:00 [hci0] 13.900426 (...) > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #32 [hci0] 14.273106 invalid packet size (12 != 1033) 08 00 01 00 02 01 04 00 01 10 ff ff ............ > ACL Data RX: Handle 200 flags 0x00 dlen 1547 #33 [hci0] 14.273561 invalid packet size (14 != 1547) 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #34 [hci0] 14.274390 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... > ACL Data RX: Handle 200 flags 0x00 dlen 2061 #35 [hci0] 14.274932 invalid packet size (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... = bluetoothd: Bluetooth daemon 5.43 14.401828 > ACL Data RX: Handle 200 flags 0x00 dlen 1033 #36 [hci0] 14.275753 invalid packet size (12 != 1033) 08 00 01 00 04 01 04 00 40 00 00 00 ........@...

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29 Patch
https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e Patch
https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead Patch
https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a Patch
https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7 Patch
https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b Patch
https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765 Patch
https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
History

25 Oct 2024, 20:11

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29 - () https://git.kernel.org/stable/c/19a78143961a197de8502f4f29c453b913dc3c29 - Patch
References () https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e - () https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e - Patch
References () https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead - () https://git.kernel.org/stable/c/5550bbf709c323194881737fd290c4bada9e6ead - Patch
References () https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a - () https://git.kernel.org/stable/c/95f1847a361c7b4bf7d74c06ecb6968455082c1a - Patch
References () https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7 - () https://git.kernel.org/stable/c/9fdc79b571434af7bc742da40a3405f038b637a7 - Patch
References () https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b - () https://git.kernel.org/stable/c/ad528fde0702903208d0a79d88d5a42ae3fc235b - Patch
References () https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765 - () https://git.kernel.org/stable/c/bcd70260ef56e0aee8a4fc6cd214a419900b0765 - Patch
References () https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6 - () https://git.kernel.org/stable/c/f3fe6817156a2ad4b06f01afab04638a34d7c9a6 - Patch
CWE CWE-190
CPE cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
First Time Linux linux Kernel
Linux

23 Oct 2024, 15:13

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: L2CAP: Corregir desbordamiento de u8 Al seguir enviando paquetes L2CAP_CONF_REQ, chan->num_conf_rsp aumenta varias veces y eventualmente alcanzará el número máximo (es decir, 255). Este parche evita esto añadiendo una comprobación de los límites con L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Nota: Linux versión 6.1.0-rc2 (x86_64) 0.264594 = Nota: Subsistema Bluetooth versión 2.22 0.264636 @ MGMT Open: btmon (privilegiado) versión 1.22 {0x0001} 0.272191 = Nuevo índice: 00:00:00:00:00:00 (Principal,Virtual,hci0) [hci0] 13.877604 @ RAW Open: 9496 (privilegiado) versión 2.22 {0x0002} 13.890741 = Abierto Índice: 00:00:00:00:00:00 [hci0] 13.900426 (...) > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1033 #32 [hci0] 14.273106 tamaño de paquete no válido (12 != 1033) 08 00 01 00 02 01 04 00 01 10 ff ff ............ > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1547 #33 [hci0] 14.273561 tamaño de paquete no válido (14 != 1547) 0a 00 01 00 04 01 06 00 40 00 00 00 00 00 ........@..... > ACL Data RX: Manejar 200 indicadores 0x00 dlen 2061 #34 [hci0] 14.274390 tamaño de paquete no válido (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 00 00 00 04 ........@....... > ACL Data RX: Manejar 200 indicadores 0x00 dlen 2061 #35 [hci0] 14.274932 tamaño de paquete no válido (16 != 2061) 0c 00 01 00 04 01 08 00 40 00 00 00 07 00 03 00 ........@....... = bluetoothd: Daemon Bluetooth 5.43 14.401828 > ACL Data RX: Manejar 200 indicadores 0x00 dlen 1033 #36 [hci0] 14.275753 tamaño de paquete no válido (12 != 1033) 08 00 01 00 04 01 04 00 40 00 00 00 ........@...

21 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-21 20:15

Updated : 2024-10-25 20:11

NVD link : CVE-2022-48947

Mitre link : CVE-2022-48947

CVE.ORG link : CVE-2022-48947

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-190

Integer Overflow or Wraparound


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024