vulnerability

Oracle Linux: CVE-2022-42896: ELSA-2023-12017: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:A/AC:L/Au:N/C:C/I:C/A:N)	Nov 3, 2022	Jan 12, 2023	Dec 3, 2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:C/I:C/A:N)

Published

Nov 3, 2022

Added

Jan 12, 2023

Modified

Dec 3, 2025

Description

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.

Solutions

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today