Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5580: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-42896: A use-after-free flaw was found in the Linux kernel’s implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
  • CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws#rpm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-10-10

Updated:

2023-10-10

RHSA-2023:5580 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
  • BZ - 2225511 - CVE-2023-4128 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

kpatch-patch-4_18_0-193_100_1-1-4.el8_2.src.rpm

SHA-256: ce6e2ed3e8424059bb11a1e123892a21344ffac713c07c9dc91f278c64139652

kpatch-patch-4_18_0-193_105_1-1-3.el8_2.src.rpm

SHA-256: f86abf3e5910c7a64e2882815ced5259ba5dc67d984be727b9731e572edb21a9

kpatch-patch-4_18_0-193_109_1-1-2.el8_2.src.rpm

SHA-256: fb7a50b587bf15a9638c8c556a0e0e17e4ffc5cd6ce3c03a31beffe372f44ac4

kpatch-patch-4_18_0-193_113_1-1-1.el8_2.src.rpm

SHA-256: cc95e75be5a95063b4713993d298ba8915537171544d03bdd8f61f445852684a

ppc64le

kpatch-patch-4_18_0-193_100_1-1-4.el8_2.ppc64le.rpm

SHA-256: 78c7e17fbbe722de9411366704ed63e18516d6d83ac94478463da8c56f7b182c

kpatch-patch-4_18_0-193_100_1-debuginfo-1-4.el8_2.ppc64le.rpm

SHA-256: 6344135f4431db2bee8b26d7fba0153bf223518bc3b34e2d5ff201bae1d30168

kpatch-patch-4_18_0-193_100_1-debugsource-1-4.el8_2.ppc64le.rpm

SHA-256: 37fcb73998774f5fcdbcb859fdbb07dac7ab7d36a79ddd62aa8a0d064ea89415

kpatch-patch-4_18_0-193_105_1-1-3.el8_2.ppc64le.rpm

SHA-256: 5bedbea1d1d359bf085192f93ec8678915a729838a03d20474e00d543119f138

kpatch-patch-4_18_0-193_105_1-debuginfo-1-3.el8_2.ppc64le.rpm

SHA-256: 0c491507d323403aa332ca5f3886aa4398f1230fffd4e1e96eaa6e7f96b97d01

kpatch-patch-4_18_0-193_105_1-debugsource-1-3.el8_2.ppc64le.rpm

SHA-256: 219b8cb4e018a4a4464afa2a60f54b26452c20f4c7fee6a81cc20b0e56f587f0

kpatch-patch-4_18_0-193_109_1-1-2.el8_2.ppc64le.rpm

SHA-256: b9a9502ec30467be71d62388513fee1d74d1831c974e09f3b1f69b56caebd6f2

kpatch-patch-4_18_0-193_109_1-debuginfo-1-2.el8_2.ppc64le.rpm

SHA-256: 870fb14e011f56756999169686cf5025195177d4885597b9d03c68e02fbf944e

kpatch-patch-4_18_0-193_109_1-debugsource-1-2.el8_2.ppc64le.rpm

SHA-256: 08957401e3b687a54a5624254dfd1e134467b8ae52c92547a2d010a0d2f90a58

kpatch-patch-4_18_0-193_113_1-1-1.el8_2.ppc64le.rpm

SHA-256: 77c976a13846c07db4ebeeae78680f83bcb4b3d7dab6c790003419372694ce9c

kpatch-patch-4_18_0-193_113_1-debuginfo-1-1.el8_2.ppc64le.rpm

SHA-256: 406d2596d6ae4788b72e4dab2a0a3350baece42380c4108027c04ba9fff8bbb4

kpatch-patch-4_18_0-193_113_1-debugsource-1-1.el8_2.ppc64le.rpm

SHA-256: e46db0f17e0bd6cb42c75a8c5265ce35f236168fbd6d590124e3f0abba39e596

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

kpatch-patch-4_18_0-193_100_1-1-4.el8_2.src.rpm

SHA-256: ce6e2ed3e8424059bb11a1e123892a21344ffac713c07c9dc91f278c64139652

kpatch-patch-4_18_0-193_105_1-1-3.el8_2.src.rpm

SHA-256: f86abf3e5910c7a64e2882815ced5259ba5dc67d984be727b9731e572edb21a9

kpatch-patch-4_18_0-193_109_1-1-2.el8_2.src.rpm

SHA-256: fb7a50b587bf15a9638c8c556a0e0e17e4ffc5cd6ce3c03a31beffe372f44ac4

kpatch-patch-4_18_0-193_113_1-1-1.el8_2.src.rpm

SHA-256: cc95e75be5a95063b4713993d298ba8915537171544d03bdd8f61f445852684a

x86_64

kpatch-patch-4_18_0-193_100_1-1-4.el8_2.x86_64.rpm

SHA-256: 0f2cb2630ac79c56da7688e86cc2217b6d80f8bd69466a98443e614ce2239af1

kpatch-patch-4_18_0-193_100_1-debuginfo-1-4.el8_2.x86_64.rpm

SHA-256: 16aa807b6f852f876569d810a8f90695bfb72cd5247b4bae981ba16f1cba0b00

kpatch-patch-4_18_0-193_100_1-debugsource-1-4.el8_2.x86_64.rpm

SHA-256: ed9a319afeedf361e10203503dec66deb1cea4272f64bb7cae60f4544087fa91

kpatch-patch-4_18_0-193_105_1-1-3.el8_2.x86_64.rpm

SHA-256: 1df62e08e6271d54e84226e8658dd8244d2c2f61225ad2a786cc80ccea5bd700

kpatch-patch-4_18_0-193_105_1-debuginfo-1-3.el8_2.x86_64.rpm

SHA-256: 9459a4db97296c9b1f509d19c45b89af15be3a1996dec29b44396455c961e140

kpatch-patch-4_18_0-193_105_1-debugsource-1-3.el8_2.x86_64.rpm

SHA-256: 824348bb3ad30fa6af57a3207a1204ad9d62445446a14ac927fc57531e26f388

kpatch-patch-4_18_0-193_109_1-1-2.el8_2.x86_64.rpm

SHA-256: 9d5aca4ca6ec5a8009196a3462770c79c92f70f76fe4f7a67659862abf836065

kpatch-patch-4_18_0-193_109_1-debuginfo-1-2.el8_2.x86_64.rpm

SHA-256: 0852caef6ecc4206311895a677d9feb8b029cc5636efc51831a721b1fe72800a

kpatch-patch-4_18_0-193_109_1-debugsource-1-2.el8_2.x86_64.rpm

SHA-256: 130d11de3b78a7bad799f7d7b0552eff30f5c03b3b9bac31802084f0d76fd3d9

kpatch-patch-4_18_0-193_113_1-1-1.el8_2.x86_64.rpm

SHA-256: a4f71df8557416864600b687ea0793852a053e19493dbcccfe13b2e4cc3dcd25

kpatch-patch-4_18_0-193_113_1-debuginfo-1-1.el8_2.x86_64.rpm

SHA-256: 46f4f88605442bb2a2f92c0283803bdd20bd4c9175df12d6a91d7d38d48fee8f

kpatch-patch-4_18_0-193_113_1-debugsource-1-1.el8_2.x86_64.rpm

SHA-256: c1855d9d67bfe38a43b46184273ed607256c58805846f92daa2ee8bfafdbbb94

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-0262-03

Red Hat Security Advisory 2024-0262-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-0261-03

Red Hat Security Advisory 2024-0261-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7558-01

Red Hat Security Advisory 2023-7558-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7419-01

Red Hat Security Advisory 2023-7419-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7418-01

Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7379-01

Red Hat Security Advisory 2023-7379-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-5794-01

Red Hat Security Advisory 2023-5794-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-5628-01

Red Hat Security Advisory 2023-5628-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5589-01

Red Hat Security Advisory 2023-5589-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.

RHSA-2023:5589: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_co...

RHSA-2023:5548: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...

Ubuntu Security Notice USN-6386-3

Ubuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6396-1

Ubuntu Security Notice 6396-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.

Ubuntu Security Notice USN-6386-1

Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-5235-01

Red Hat Security Advisory 2023-5235-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-5238-01

Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6383-1

Ubuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.

RHSA-2023:5235: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate t...

CVE-2023-4128: Invalid Bug ID

A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.

Red Hat Security Advisory 2023-4230-01

Red Hat Security Advisory 2023-4230-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

RHSA-2023:4230: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code l...

Red Hat Security Advisory 2023-3462-01

Red Hat Security Advisory 2023-3462-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

RHSA-2023:3517: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could exec...

RHSA-2023:3462: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_con...

Ubuntu Security Notice USN-5831-1

Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5830-1

Ubuntu Security Notice 5830-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5814-1

Ubuntu Security Notice 5814-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5804-1

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5783-1

Ubuntu Security Notice 5783-1 - Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.