vulnerability
Ubuntu: (CVE-2022-49136): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Feb 26, 2025 | Jun 26, 2025 | Mar 27, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Feb 26, 2025
Added
Jun 26, 2025
Modified
Mar 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has
been set as that means hci_unregister_dev has been called so it will
likely cause a uaf after the timeout as the hdev will be freed.
Solution
no-fix-ubuntu-package
References
- CVE-2022-49136
- https://attackerkb.com/topics/CVE-2022-49136
- CWE-416
- EUVD-EUVD-2022-55087
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-55087
- https://git.kernel.org/linus/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
- https://git.kernel.org/stable/c/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
- https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323
- https://www.cve.org/CVERecord?id=CVE-2022-49136
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.