CVE-2022-3565 (High) detected in linux-yoctov5.4.51, linux-yoctov5.4.51

[mend-bolt-for-github[bot]]

CVE-2022-3565 - High Severity Vulnerability

Vulnerable Libraries - linux-yoctov5.4.51, linux-yoctov5.4.51

Vulnerability Details

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.

Publish Date: 2022-10-17

URL: CVE-2022-3565

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2022-3565

Release Date: 2022-10-17

Fix Resolution: v4.9.331,v4.14.296,v4.19.262,v5.4.220,v5.10.150,v5.15.75,v6.0.3

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.