CVE-2022-49202

MEDIUM

Linux Kernel 5.15-5.15.32 5.16-5.16.18 5.17 - NULL Pointer Dereference in hci_uart h5_enqueue

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: add missing NULL check in h5_enqueue Syzbot hit general protection fault in __pm_runtime_resume(). The problem was in missing NULL check. hu->serdev can be NULL and we should not blindly pass &serdev->dev somewhere, since it will cause GPF.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/7235485433d290367d60ae22fcdfc565e61d42ab

Patch

https://git.kernel.org/stable/c/e6b6c904c0f88588b6a3ace20e4c0d61eab124f8

Patch

https://git.kernel.org/stable/c/8a3896c30f542439d36303183dc96f65df8cc528

Patch

https://git.kernel.org/stable/c/32cb08e958696908a9aad5e49a78d74f7e32fffb

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 5.15.0 - 5.15.33linux

linux/Kernel 5.16.0 - 5.16.19linux

linux/Kernel 5.17.0 - 5.17.2linux

Linux/Linux < 5.15

Linux/Linux 5.15

Linux/Linux 5.15.33 - 5.15.*

Linux/Linux 5.16.19 - 5.16.*

Linux/Linux 5.17.2 - 5.17.*

Linux/Linux 5.18

Linux/Linux d9dd833cf6d29695682ec7e7924c0d0992b906bc - 32cb08e958696908a9aad5e49a78d74f7e32fffb

... and 4 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026