A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. Using CWE to declare the problem leads to CWE-416. The weakness was shared 10/21/2022 as FEDORA-2022-64ab9153c0. The advisory is shared for download at git.kernel.org.
This vulnerability is traded as CVE-2022-3640. Access to the local network is required for this attack. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k.
The exploitability is declared as not defined. As 0-day the estimated underground price was around $5k-$25k.
The bugfix is ready for download at git.kernel.org. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.