First published: Fri Dec 16 2022
Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/linux-image-oem-22.04 | 22.04 | <5.17.0.1025.23 | 5.17.0.1025.23 |
ubuntu/linux-image-oem-22.04a | 22.04 | <5.17.0.1025.23 | 5.17.0.1025.23 |
ubuntu/linux-image-5.17.0-1025-oem | 22.04 | <5.17.0-1025.26 | 5.17.0-1025.26 |
The vulnerability addressed by USN-5783-1 is a use-after-free vulnerability in the Bluetooth L2CAP handshake implementation in the Linux kernel.
The use-after-free vulnerability in the Bluetooth L2CAP handshake implementation could allow a physically proximate attacker to cause a denial of service (system crash) or possibly execute arbitrary code.
The Linux kernel packages affected by the vulnerability include linux-image-oem-22.04 (versions before 5.17.0.1025.23) and linux-image-5.17.0-1025-oem (versions before 5.17.0-1025.26) on Ubuntu 22.04.
To fix the vulnerability in the Linux kernel, you should update to version 5.17.0.1025.23 or later for linux-image-oem-22.04 and version 5.17.0-1025.26 or later for linux-image-5.17.0-1025-oem.
You can find more information about the vulnerability in USN-5783-1 on the Ubuntu Security Notices website.