CVE-2022-3564
Posted: 2023/07/31 14:57:28
by vvprasadj
Fix for CVE-2022-3564 (kernel is vulnerable) has been released for RHEL 7 on 19 July 2023.
This is not yet available for CentOS.
Does the next batch of updates for CentOS 7 contain the fix for this?
Re: CVE-2022-3564
Posted: 2023/07/31 16:10:20
by TrevorH
kernel 3.10.0-1160.95.1.el7.x86_64 is indeed one of the updates that is pending release. Currently stuck on failing CI tests I think.
Re: CVE-2022-3564
Posted: 2023/08/03 16:54:16
by TrevorH
Just released.
Re: CVE-2022-3564
Posted: 2023/08/03 19:22:44
by vvprasadj
Thank you for the update TrevorH.
Re: CVE-2022-3564
Posted: 2023/08/24 20:25:34
by pmalenfant
I just updated my kernel to 3.10.0-1160.95.1.el7.x86_64, but our security scanner (Kenna) still flags it as containing this CVE.
Could someone please confirm that this kernel contains the patch for the CVE?
Or, is there something different that I need to apply?
Thanks in advance
Re: CVE-2022-3564
Posted: 2023/08/24 22:12:18
by TrevorH
rpm -q --changelog kernel-$(uname -r) on a system running that kernel says
* Mon Jun 05 2023 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.93.1.el7]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Wander Lairson Costa) [2152941] {CVE-2022-3564}
What does uname -r say on your machine?
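The check TrevorH describes, as an added example that is not part of the thread: a small POSIX shell script that scans an rpm changelog for a CVE reference and reports which build carried the fix, which is the evidence a version-matching scanner misses on backported kernels. The sample changelog is constructed from the excerpt above (the second entry is filler), and the function names are chosen here.

```shell
#!/bin/sh
# Added example, not code from the thread: the manual check
# "rpm -q --changelog kernel-$(uname -r) | grep CVE-..." as a function.

# changelog_fix_version CHANGELOG_TEXT CVE_ID
# Prints the package version whose changelog entry cites the CVE and
# returns 0; prints nothing and returns 1 if no entry mentions it.
changelog_fix_version() {
    printf '%s\n' "$1" | awk -v cve="{$2}" '
        /^\* / { ver = $NF; gsub(/\[|\]/, "", ver) }   # entry header: "[version]" is the last field
        index($0, cve) > 0 { print ver; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample modelled on the changelog excerpt quoted in the thread;
# the second entry is invented filler so the parser sees more than one header.
SAMPLE_CHANGELOG='* Mon Jun 05 2023 Rado Vrbovsky <rvrbovsk@redhat.com> [3.10.0-1160.93.1.el7]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Wander Lairson Costa) [2152941] {CVE-2022-3564}
* Mon May 01 2023 Example Maintainer <maint@example.invalid> [3.10.0-1160.90.1.el7]
- unrelated change (Example Maintainer) [0000000]'

# check_kernel_cve CVE_ID: inspect the running kernel on an RPM-based host,
# or fall back to the constructed sample where rpm is not installed.
check_kernel_cve() {
    cve="$1"
    if command -v rpm >/dev/null 2>&1; then
        pkg="kernel-$(uname -r)"
        log=$(rpm -q --changelog "$pkg" 2>/dev/null) || { echo "$pkg: package not installed"; return 2; }
    else
        pkg="sample"; log="$SAMPLE_CHANGELOG"
    fi
    if ver=$(changelog_fix_version "$log" "$cve"); then
        echo "$pkg: $cve fixed since $ver"
    else
        echo "$pkg: no changelog entry for $cve"; return 1
    fi
}

# Informational run; a nonzero status here is a finding, not a script error.
check_kernel_cve CVE-2022-3564 || :
```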
Re: CVE-2022-3564
Posted: 2023/08/25 11:38:44
by jlehtone
Does Kenna belong to the group of "some tools" that Red Hat mentions in:
https://access.redhat.com/solutions/57665
Re: CVE-2022-3564
Posted: 2023/08/25 12:22:02
by pmalenfant
uname output for my system:
# uname -r
3.10.0-1160.95.1.el7.x86_64
Re: CVE-2022-3564
Posted: 2023/08/25 12:28:30
by pmalenfant
I ran rpm -q --changelog kernel-$(uname -r) | grep "CVE-2022-3564"
and it returns
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Wander Lairson Costa) [2152941] {CVE-2022-3564}
I can't attach the entire file; it says it's too large.
That makes me think this vulnerability should be fixed.
Re: CVE-2022-3564
Posted: 2023/08/25 12:35:02
by TrevorH
Sounds like a problem with the security scanner then.