Linux Kernel BlueZ tools/mgmt-tester.c read_50_controller_cap_complete cap_len null pointer dereference

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete in the file tools/mgmt-tester.c of the component BlueZ. Manipulation of the argument cap_len leads to a null pointer dereference, which CWE classifies as CWE-476. The weakness was disclosed on 10/17/2022. The advisory is available at git.kernel.org. This vulnerability is tracked as CVE-2022-3563. The attack can only be carried out within the local network. Technical details are available. There is no exploit available. The structure of the vulnerability suggests a possible price range of USD $0-$5k at the moment. The exploitability is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. The bugfix is ready for download at git.kernel.org. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 10/17/2022 19:43 | 11/09/2022 22:49 | 11/09/2022 23:04 |
|---|---|---|---|
| vendor | Linux | Linux | Linux |
| name | Kernel | Kernel | Kernel |
| component | BlueZ | BlueZ | BlueZ |
| file | tools/mgmt-tester.c | tools/mgmt-tester.c | tools/mgmt-tester.c |
| function | read_50_controller_cap_complete | read_50_controller_cap_complete | read_50_controller_cap_complete |
| argument | cap_len | cap_len | cap_len |
| cwe | 476 (null pointer dereference) | 476 (null pointer dereference) | 476 (null pointer dereference) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| url | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e |
| name | Patch | Patch | Patch |
| patch_url | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e | https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e |
| cve | CVE-2022-3563 | CVE-2022-3563 | CVE-2022-3563 |
| responsible | VulDB | VulDB | VulDB |
| date | 1665957600 (10/17/2022) | 1665957600 (10/17/2022) | 1665957600 (10/17/2022) |
| type | Operating System | Operating System | Operating System |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 2.3 | 2.3 | 2.3 |
| cvss2_vuldb_tempscore | 2.0 | 2.0 | 2.0 |
| cvss3_vuldb_basescore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 | 4.2 |
| cvss3_meta_tempscore | 3.4 | 3.4 | 4.2 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1665957600 (10/17/2022) | 1665957600 (10/17/2022) |
| cve_nvd_summary | | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. |
| cvss3_nvd_av | | | A |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | H |
| cvss3_cna_av | | | A |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | N |
| cvss3_cna_i | | | N |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss3_nvd_basescore | | | 5.7 |
| cvss3_cna_basescore | | | 3.5 |
