Bluetooth Vulnerability in Linux Kernel Affecting Multiple Versions
CVE-2022-50233
Currently unrated
What is CVE-2022-50233?
A vulnerability in the Bluetooth subsystem of the Linux kernel was identified, caused by incorrect handling of device name strings. Specifically, the 'dev_name' and 'short_name' attributes were not guaranteed to be NUL terminated, making them susceptible to issues during string operations. The flaw was addressed by using 'strnlen' to calculate string lengths correctly and ensure appropriate truncation. The fix improves the reliability of Bluetooth communications and reduces the risk of unexpected behavior or potential exploitation.
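The pattern behind the fix, as an added userspace example (not the kernel's code): a fixed-size name field that may be completely filled is measured with 'strnlen' bounded by the field size, and the copy is truncated to the destination. The struct, the field size and the helper names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#endif
#include <stdio.h>
#include <string.h>

#define DEMO_SHORT_NAME_LEN 10    /* constructed size for this sketch */

/* Hypothetical stand-in for a device record with a fixed-size name field. */
struct demo_dev {
    char short_name[DEMO_SHORT_NAME_LEN]; /* may be full: no NUL guaranteed */
};

/* Length of a fixed-size field, never reading past field_size bytes. */
static size_t field_len(const char *field, size_t field_size)
{
    return strnlen(field, field_size);
}

/* Copy a possibly unterminated field, truncating; out is always NUL terminated. */
static size_t copy_name(char *out, size_t out_size,
                        const char *field, size_t field_size)
{
    size_t len;

    if (out_size == 0)
        return 0;
    len = strnlen(field, field_size);   /* bounded, unlike strlen() */
    if (len > out_size - 1)
        len = out_size - 1;             /* leave room for the terminator */
    memcpy(out, field, len);
    out[len] = '\0';
    return len;
}

int main(void)
{
    struct demo_dev dev;
    char out[6];

    /* Constructed input: the name fills the whole field, so no terminator. */
    memcpy(dev.short_name, "ABCDEFGHIJ", sizeof(dev.short_name));
    printf("bounded length: %zu\n", field_len(dev.short_name, sizeof(dev.short_name)));
    printf("copied %zu bytes: %s\n",
           copy_name(out, sizeof(out), dev.short_name, sizeof(dev.short_name)), out);
    return 0;
}
```

Calling 'strlen' on the full field in this sketch would read past the end of the array, which is the class of problem the bounded call avoids.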
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 6.0