CVE-2022-50447
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50447
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50447.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50447
- Downstream
- Related
- Published
- 2025-10-01T11:45:21Z
- Modified
- 2025-10-21T13:02:53.676635Z
- Summary
- Bluetooth: hci_conn: Fix crash on hci_create_cis_sync
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hciconn: Fix crash on hcicreatecissync
When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash:
BUG: KASAN: null-ptr-deref in hcicreatecis_sync+0x18b/0x2b0 Read of size 2 at addr 0000000000000036 by task kworker/u3:1/50
CPU: 0 PID: 50 Comm: kworker/u3:1 Not tainted 6.0.0-rc7-02243-gb84a13ff4eda #4373 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014 Workqueue: hci0 hcicmdsyncwork Call Trace: <TASK> dumpstacklvl+0x19/0x27 kasanreport+0xbc/0xf0 ? hcicreatecissync+0x18b/0x2b0 hcicreatecissync+0x18b/0x2b0 ? getlinkmode+0xd0/0xd0 ? _wwmutexlockslowpath+0x10/0x10 ? mutexlock+0xe0/0xe0 ? getlinkmode+0xd0/0xd0 hcicmdsyncwork+0x111/0x190 processonework+0x427/0x650 workerthread+0x87/0x750 ? processonework+0x650/0x650 kthread+0x14e/0x180 ? kthreadexit+0x50/0x50 retfromfork+0x22/0x30 </TASK>
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26afbd826ee326e63a334c37fd45e82e50a615ecFixeda190cd9dc62d6ebeb679c1abe9dda4162dfefc84
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26afbd826ee326e63a334c37fd45e82e50a615ecFixed09a3b0c9c7c6b10587fbb610b718014703cff341
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced26afbd826ee326e63a334c37fd45e82e50a615ecFixed50757a259ba78c4e938b5735e76ffec6cd0c942e
Affected versions
v5.*
v5.19
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50757a259ba78c4e938b5735e76ffec6cd0c942e",
"id": "CVE-2022-50447-12dea7cc",
"signature_version": "v1",
"target": {
"function": "hci_create_cis_sync",
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "172732881651489758618342961829993399324",
"length": 1115.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09a3b0c9c7c6b10587fbb610b718014703cff341",
"id": "CVE-2022-50447-329e6884",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"28064662071436202786078725538235071746",
"86716207678745321715631704962240716015",
"193416752604263688399732435136371758945",
"174658152701884044175138406297509826711"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a190cd9dc62d6ebeb679c1abe9dda4162dfefc84",
"id": "CVE-2022-50447-81865cb4",
"signature_version": "v1",
"target": {
"function": "hci_create_cis_sync",
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "172732881651489758618342961829993399324",
"length": 1115.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@09a3b0c9c7c6b10587fbb610b718014703cff341",
"id": "CVE-2022-50447-91f59493",
"signature_version": "v1",
"target": {
"function": "hci_create_cis_sync",
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "172732881651489758618342961829993399324",
"length": 1115.0
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@50757a259ba78c4e938b5735e76ffec6cd0c942e",
"id": "CVE-2022-50447-bb724b14",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"28064662071436202786078725538235071746",
"86716207678745321715631704962240716015",
"193416752604263688399732435136371758945",
"174658152701884044175138406297509826711"
]
}
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a190cd9dc62d6ebeb679c1abe9dda4162dfefc84",
"id": "CVE-2022-50447-f43980eb",
"signature_version": "v1",
"target": {
"file": "net/bluetooth/hci_conn.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"28064662071436202786078725538235071746",
"86716207678745321715631704962240716015",
"193416752604263688399732435136371758945",
"174658152701884044175138406297509826711"
]
}
}
]