cve/2022/CVE-2022-42896.md

### [CVE-2022-42896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896)
![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen)

### Description

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Satheesh575555/linux-4.19.72_CVE-2022-42896
- https://github.com/Trinadh465/linux-4.19.72_CVE-2022-42896
- https://github.com/hshivhare67/kernel_v4.19.72_CVE-2022-42896_new
- https://github.com/hshivhare67/kernel_v4.19.72_CVE-2022-42896_old
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/nidhi7598/linux-4.1.15_CVE-2022-42896
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation