CVE-2022-49136

HIGH

Linux Kernel 5.17-5.17.2 - Use-After-Free in Bluetooth HCI Command Queue

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will likely cause a uaf after the timeout as the hdev will be freed.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323

Patch

https://git.kernel.org/stable/c/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 14.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (8)

linux/Kernel 5.17.0 - 5.17.3linux

Linux/Linux < 5.17

Linux/Linux 5.17

Linux/Linux 5.17.3 - 5.17.*

Linux/Linux 5.18

Linux/Linux 6a98e3836fa2077b169f10a35c2ca9952d53f987 - 0b94f2651f56b9e4aa5f012b0d7eb57308c773cf

Linux/Linux 6a98e3836fa2077b169f10a35c2ca9952d53f987 - 1c69ef84a808676cceb69210addf5df45b741323

linux/linux_kernel 5.17 - 5.17.3

Published Feb 26, 2025

Tracked Since Feb 18, 2026