CVE-2022-49136

Summary

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set

hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will likely cause a uaf after the timeout as the hdev will be freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6a98e3836fa2077b169f10a35c2ca9952d53f987 < 1c69ef84a808676cceb69210addf5df45b741323affected
LinuxLinux6a98e3836fa2077b169f10a35c2ca9952d53f987 < 0b94f2651f56b9e4aa5f012b0d7eb57308c773cfaffected
LinuxLinux5.17affected
LinuxLinux0 < 5.17unaffected
LinuxLinux5.17.3 <= 5.17.*unaffected
LinuxLinux5.18 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References