Use-After-Free Vulnerability in Linux Kernel Bluetooth Stack
CVE-2022-49909

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 1 May 2025

Summary

A use-after-free vulnerability exists in the Bluetooth L2CAP implementation of the Linux kernel. It occurs when the kernel fails to manage the reference counting of channels correctly during error conditions. Specifically, a channel that is created and subsequently freed without proper synchronization can become an exploit vector. An attacker may be able to cause system instability, execute arbitrary code, or create denial-of-service conditions, so patches should be applied promptly.

Affected Version(s)

Linux d255c861e268ba342e855244639a15f12d7a0bf2

Linux 5bb395334392891dffae5a0e8f37dbe1d70496c9 < 17c6164854f8bb80bf76f32b2c2f199c16b53703

Linux bbd1fdb0e1adf827997a93bf108f20ede038e56e < 7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
