CVE-2022-49200

Severity: Medium (CVSS 3.1 base score 5.5) · EPSS 15.9%
Published Feb 26, 2025 · Last modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt

Fix the following kernel oops in btmtksdio_interrupt:

    [ 14.339134] btmtksdio_interrupt+0x28/0x54
    [ 14.339139] process_sdio_pending_irqs+0x68/0x1a0
    [ 14.339144] sdio_irq_work+0x40/0x70
    [ 14.339154] process_one_work+0x184/0x39c
    [ 14.339160] worker_thread+0x228/0x3e8
    [ 14.339168] kthread+0x148/0x3ac
    [ 14.339176] ret_from_fork+0x10/0x30

That happened because hdev->power_on is already called before sdio_set_drvdata, which the btmtksdio_interrupt handler relies on, has been properly set up. The details are shown below:

hci_register_dev would run queue_work(hdev->req_workqueue, &hdev->power_on) as a WQ_HIGHPRI workqueue_struct to complete the power-on sequence, and thus hci_power_on may run before sdio_set_drvdata is done in btmtksdio_probe.

The hci_dev_do_open in hci_power_on would initialize the device and enable the interrupt, and thus it is possible that btmtksdio_interrupt is called right before sdio_set_drvdata is filled out. When btmtksdio_interrupt is called and sdio_set_drvdata is not filled, the kernel oops is going to happen because btmtksdio_interrupt accesses an uninitialized pointer.

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 15.9% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses (1)

CWE-908: Use of Uninitialized Resource

Affected Products (5)

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.2, <5.4.189
linux    linux_kernel   *         ≥5.5, <5.10.110
linux    linux_kernel   *         ≥5.11, <5.15.33
linux    linux_kernel   *         ≥5.16, <5.16.19
linux    linux_kernel   *         ≥5.17, <5.17.2

References (6)

  • Patch (git.kernel.org): https://git.kernel.org/stable/c/4d3d1f2c35a19988d3c5f0ee86038b525e830840
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/6d7be5afbb41c918d2f12f857f8c7efa50500be2
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/70a6cf749d9ff9f463490248322e5343199bc267
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/770a97d3f34b801de1b04737b43e02c55118c41a
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/874eca93966a786eace87fa6dfb206c2dd9519b1
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/b062a0b9c1dc1ff63094337dccfe1568d5b62023

Remediation

Patches: the six git.kernel.org stable-branch commits listed under References.