VIR Vulnerability Intelligence Relay

CVE-2022-3619

high
Published 2023-05-09 Β· Modified 2023-05-12
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
8.0

Description

Important: kernel security, bug fix, and enhancement update

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c Red Hat statement To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth…

Workaround

as the kernel will not detect Bluetooth hardware on the system.

Description

kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c

Red Hat statement

To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the customer portal at https://access.redhat.com/solutions/268293. Alternatively, bluetooth can be disabled within the hardware or at the BIOS level, which will also provide effective mitigation as the kernel will not detect Bluetooth hardware on the system.

CVSS v3: 4.3 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8RHSA-2023:27362023-05-16T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-477.10.1.el8_8RHSA-2023:29512023-05-16T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Supportkernel-0:4.18.0-372.91.1.el8_6RHSA-2024:07242024-02-07T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-284.11.1.el9_2RHSA-2023:24582023-05-09T00:00:00Z
Red Hat Enterprise Linux 9kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2RHSA-2023:21482023-05-09T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-284.11.1.el9_2RHSA-2023:24582023-05-09T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8kernel-0:4.18.0-372.91.1.el8_6RHSA-2024:07242024-02-07T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope

Apply commands

bash fix
Apply RHSA-2023:2736 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

OS impact
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
almalinux AlmaLinux Fixed 2 releases
VersionStatusFixed in
9 Fixed kernel-devel-matched-5.14.0-284.11.1.el9_2.aarch64.rpm
8 Fixed kernel-doc-4.18.0-477.10.1.el8_8.noarch.rpm
arch Arch Fixed 1 release
VersionStatusFixed in
β€” Fixed 6.2-1
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 6.0.8-1
sid Fixed 6.0.8-1
forky Fixed 6.0.8-1
bullseye Fixed 0
bookworm Fixed 6.0.8-1
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.