CVE-2022-48844

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_core: Fix leaking sent_cmd skb

sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux58ce6d5b271ab25fb2056f84a8e5546945eb5fc9 < 3679ccc09d8806686d579095ed504e045af7f7d6affected
LinuxLinux58ce6d5b271ab25fb2056f84a8e5546945eb5fc9 < 9473d06bd1c8da49eafb685aa95a290290c672ddaffected
LinuxLinux58ce6d5b271ab25fb2056f84a8e5546945eb5fc9 < dd3b1dc3dd050f1f47cd13e300732852414270f8affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.30 <= 5.15.*unaffected
LinuxLinux5.16.16 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References