vulnerability
Ubuntu: (CVE-2022-49136): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Feb 26, 2025 | Jun 26, 2025 | Aug 18, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Feb 26, 2025
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has
been set as that means hci_unregister_dev has been called so it will
likely cause a uaf after the timeout as the hdev will be freed.
Solution
no-fix-ubuntu-package
References
- CVE-2022-49136
- https://attackerkb.com/topics/CVE-2022-49136
- CWE-416
- URL-https://git.kernel.org/linus/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
- URL-https://git.kernel.org/stable/c/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
- URL-https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49136
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.