CVE-2022-49555

MEDIUM EPSS 14.9%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing. One possible culprit is the hci_qca driver, which does exactly that. Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also move the destruction of the work queue before del_timer_sync().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥4.3  –  <5.10.120
linuxlinux_kernel*≥5.11  –  <5.15.45
linuxlinux_kernel*≥5.16  –  <5.17.13
linuxlinux_kernel*≥5.18  –  <5.18.2

References 5

  • git.kernel.org https://git.kernel.org/stable/c/2717654ae022e6ea959a4b7b762702fe1a4690c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/37d17f63d085d601011964ade7371aeebeb6ed4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4989bb03342941f2b730b37dfa38bce27b543661
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72ef98445aca568a81c2da050532500a8345ad3a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db03727b4bbbbb36e6ef4cb655c670eefb6448e9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2717654ae022e6ea959a4b7b762702fe1a4690c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/37d17f63d085d601011964ade7371aeebeb6ed4b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4989bb03342941f2b730b37dfa38bce27b543661
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72ef98445aca568a81c2da050532500a8345ad3a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db03727b4bbbbb36e6ef4cb655c670eefb6448e9
    Patch