CVE-2022-49136
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49136
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49136.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49136
- Downstream
- Related
- Published
- 2025-02-26T01:55:09.345Z
- Modified
- 2025-11-19T13:20:21.985433Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hcisync: Fix queuing commands when HCIUNREGISTER is set
hcicmdsyncqueue shall return an error if HCIUNREGISTER flag has been set as that means hciunregisterdev has been called so it will likely cause a uaf after the timeout as the hdev will be freed.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6a98e3836fa2077b169f10a35c2ca9952d53f987Fixed1c69ef84a808676cceb69210addf5df45b741323
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6a98e3836fa2077b169f10a35c2ca9952d53f987Fixed0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
Affected versions
v5.*
v5.15
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.2
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_sync.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b94f2651f56b9e4aa5f012b0d7eb57308c773cf",
"digest": {
"line_hashes": [
"154634105364161290846500009488750341223",
"135585212409235367623890972339430220298",
"223768512819758033911864999193819790720"
],
"threshold": 0.9
},
"id": "CVE-2022-49136-647eecce"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_sync.c",
"function": "hci_cmd_sync_queue"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0b94f2651f56b9e4aa5f012b0d7eb57308c773cf",
"digest": {
"length": 472.0,
"function_hash": "45848571627596387069700667677577571550"
},
"id": "CVE-2022-49136-71e19980"
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_sync.c",
"function": "hci_cmd_sync_queue"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1c69ef84a808676cceb69210addf5df45b741323",
"digest": {
"length": 472.0,
"function_hash": "45848571627596387069700667677577571550"
},
"id": "CVE-2022-49136-825610cd"
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_sync.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1c69ef84a808676cceb69210addf5df45b741323",
"digest": {
"line_hashes": [
"154634105364161290846500009488750341223",
"135585212409235367623890972339430220298",
"223768512819758033911864999193819790720"
],
"threshold": 0.9
},
"id": "CVE-2022-49136-c3909de7"
}
]