
Oracle Linux: CVE-2022-49136: ELSA-2025-10669: kernel security update (IMPORTANT)

Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: Feb 26, 2025
Added: Jul 11, 2025
Modified: Jul 17, 2025

Description

In the Linux kernel, the following vulnerability has been resolved: "Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set". hci_cmd_sync_queue shall return an error if the HCI_UNREGISTER flag has been set, as that means hci_unregister_dev has been called, so it will likely cause a use-after-free after the timeout because the hdev will have been freed.

A vulnerability was found in the Linux kernel's Bluetooth subsystem in the `hci_cmd_sync_queue()` function. There was a missing check for whether the `HCI_UNREGISTER` flag had been set, meaning that commands were still queued even as the Bluetooth device was being unregistered. This issue could lead to a use-after-free scenario where the command is executed after the device structure is freed, potentially leading to a crash, arbitrary code execution, and system instability.
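As an added illustration (not code from the kernel or from this advisory), the following user-space C model shows the fix pattern: a queue function that ignores the device's unregister state beside one that refuses work once `HCI_UNREGISTER` is set. The `struct hci_dev` layout, the bit value of `HCI_UNREGISTER`, the one-argument queue signature and the `pending` counter are simplifications assumed for the model; only the `hci_dev_test_flag(hdev, HCI_UNREGISTER)` check itself mirrors the upstream fix.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for the kernel's struct hci_dev with only the fields
 * this model needs; the real structure and function signatures differ. */
#define HCI_UNREGISTER (1u << 0)

struct hci_dev {
    unsigned int flags;   /* device flag bits; HCI_UNREGISTER set by hci_unregister_dev() */
    int pending;          /* queued sync-command work items still holding a pointer to hdev */
};

static bool hci_dev_test_flag(const struct hci_dev *hdev, unsigned int flag)
{
    return (hdev->flags & flag) != 0;
}

/* Vulnerable shape: queues the command regardless of the device's state. */
static int hci_cmd_sync_queue_before(struct hci_dev *hdev)
{
    hdev->pending++;
    return 0;
}

/* Fixed shape: refuse new work once unregistration has begun, so no queued
 * work can run against hdev after it is freed (check mirrors the upstream fix). */
static int hci_cmd_sync_queue_after(struct hci_dev *hdev)
{
    if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
        return -ENODEV;
    hdev->pending++;
    return 0;
}

/* Simulated teardown race: unregistration starts, a late caller queues a
 * command, then hdev is freed. Returns how many work items would still point
 * at the freed hdev; 0 means the use-after-free window is closed. */
static int simulate_unregister(int (*queue)(struct hci_dev *))
{
    struct hci_dev *hdev = calloc(1, sizeof *hdev);
    if (!hdev)
        return -ENOMEM;
    hdev->flags |= HCI_UNREGISTER;      /* hci_unregister_dev() has been called */
    queue(hdev);                        /* command queued during teardown */
    int dangling = hdev->pending;       /* read before the pointer becomes invalid */
    free(hdev);                         /* hdev freed; any pending work now dangles */
    return dangling;
}
```

With the vulnerable queue function the simulation reports one dangling work item; with the fixed one it reports none and the late caller receives `-ENODEV`.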

Solution

oracle-linux-upgrade-kernel