CVE-2022-3640 A critical vulnerability was found in the Linux Kernel. The affected function is l2cap_conn_del of the component Bluetooth. The vulnerability leads to use after free.

Another critical issue was found in AIX. It is a vulnerability related to unauthorized program execution. Affected is the function radvd. The vulnerability is due to lack of input validation. An attacker can exploit this bug to take control of an affected device. The identifier of this vulnerability is VDB-211306.

According to the RedHat advisory, there are other issues that are classified as important.
On RedHat Enterprise Linux, there is a bug related to privilege escalation. Affected is the program libsmbclient. It is possible to escalate privileges by creating a malicious (untrusted) LSASS process. The identifier of this vulnerability is VDB-211300. On Red Hat Enterprise Linux, there is another bug related to privilege escalation. Affected is the program libsmbclient. It is possible to escalate privileges by creating a malicious (untrusted) LSASS process. The identifier of this vulnerability is VDB-211300. Another important bug was found in AIX. It is a privilege escalation bug. Affected is the program libsmbclient. It is possible to escalate privileges by creating a malicious (untrusted) LSASS process. The identifier of this vulnerability is VDB-211300. Another important bug was found in AIX. It is a privilege escalation bug. Affected is the program libsmbclient. It is possible to escalate privileges by creating a malicious (untrusted) LSASS process. The identifier of

Oracle Linux

The bug exists in the Red Hat Enterprise Linux 7.5 kernel. An attacker can exploit this bug to gain elevated privileges. The identifier of this vulnerability is CVE-0228-7378.

In conclusion, there are numerous bugs on Oracle Linux that are classified as important. In addition, there is a privilege escalation bug that affects the privileged program called libsmbclient. This bug is classified as critical and can lead to elevated privileges if exploited.

Affected Software and Versions

CVE-2022-3640 affects AIX.
VDB-211306 is a vulnerability related to unauthorized program execution. Affected is the function radvd.The identifier of this vulnerability is VDB-211306.
VDB-211300 is a privilege escalation bug related to libsmbclient. Affected is the program libsmbclient. The identifier of this vulnerability is VDB-211300.
VDB-211200 is a privilege escalation bug related to libsmbclient. Affected is the program libsmbclient. The identifier of this vulnerability is VDB-211200.

How to avoid AIX vulnerability?

The CVE-2022-3640 vulnerability can be avoided by upgrading the packages which are vulnerable.

Timeline

Published on: 10/21/2022 15:15:00 UTC
Last modified on: 11/15/2022 03:15:00 UTC

References

• https://vuldb.com/?id.211944
• https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3640