2320767 – (CVE-2022-48971) CVE-2022-48971 kernel: Bluetooth: Fix not cleanup led when bt_init fails

Bug 2320767 (CVE-2022-48971) - CVE-2022-48971 kernel: Bluetooth: Fix not cleanup led when bt_init fails

Summary: CVE-2022-48971 kernel: Bluetooth: Fix not cleanup led when bt_init fails

Keywords:
Status:	NEW
Alias:	CVE-2022-48971
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2325927
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-21 22:02 UTC by OSIDB Bzimport
Modified:	2024-11-13 15:33 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-21 22:02:56 UTC

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix not cleanup led when bt_init fails

bt_init() calls bt_leds_init() to register led, but if it fails later,
bt_leds_cleanup() is not called to unregister it.

This can cause panic if the argument "bluetooth-power" in text is freed
and then another led_trigger_register() tries to access it:

BUG: unable to handle page fault for address: ffffffffc06d3bc0
RIP: 0010:strcmp+0xc/0x30
  Call Trace:
    <TASK>
    led_trigger_register+0x10d/0x4f0
    led_trigger_register_simple+0x7d/0x100
    bt_init+0x39/0xf7 [bluetooth]
    do_one_initcall+0xd0/0x4e0

Comment 1 Avinash Hanwate 2024-10-22 05:59:19 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024102144-CVE-2022-48971-6025@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.