Bug 2347916 (CVE-2022-49138) - CVE-2022-49138 kernel: Bluetooth: hci_event: Ignore multiple conn complete events
Summary: CVE-2022-49138 kernel: Bluetooth: hci_event: Ignore multiple conn complete ev...
Keywords:
Status: NEW
Alias: CVE-2022-49138
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:11 UTC by OSIDB Bzimport
Modified: 2025-02-27 07:44 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:11:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: Ignore multiple conn complete events

When one of the three connection complete events is received multiple
times for the same handle, the device is registered multiple times which
leads to memory corruptions. Therefore, consequent events for a single
connection are ignored.

The conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET
is introduced to identify new connections. To make sure the events do not
contain this or another invalid handle HCI_CONN_HANDLE_MAX and checks
are introduced.

Buglink: https://bugzilla.kernel.org/show_bug.cgi?id=215497
Comment 1 Avinash Hanwate 2025-02-26 12:22:46 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49138-a241@gregkh/T
Comment 4 Avinash Hanwate 2025-02-26 16:44:05 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49138-a241@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.