Bluetooth Vulnerability in Linux Kernel by The Linux Foundation

CVE-2022-50374

What is CVE-2022-50374?

In the Linux kernel, a vulnerability has been identified involving Bluetooth components. A failure in the initialization of the percpu_rwsem can lead to a NULL pointer dereference during the execution of hci_uart_tty_close(). This issue arises because the hci_uart_tty_open() function does not correctly handle failures from percpu_init_rwsem(). Additionally, the functions hci_uart_register_device() and hci_uart_unregister_device() fail to manage percpu_init_rwsem() errors properly, potentially leading to system instability. It is essential for users of affected versions to apply patches that resolve these vulnerabilities to maintain the security and stability of their systems.

References