CVE-2022-49136
📋 TL;DR
This CVE describes a use-after-free in the Linux kernel's Bluetooth subsystem (net/bluetooth/hci_sync.c). hci_cmd_sync_queue() accepted new deferred HCI commands even after hci_unregister_dev() had set the HCI_UNREGISTER flag, so the queued work could later run, after the command timeout, against an hci_dev that had already been freed. This affects Linux systems with the kernel Bluetooth subsystem enabled.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise if an attacker can trigger the use-after-free condition and execute arbitrary code.
Likely Case
System instability, crashes, or denial of service affecting Bluetooth functionality and potentially the entire system.
If Mitigated
With the Bluetooth subsystem unloaded or blocked (see Temporary Workarounds) the affected code path is not reachable, and the impact is limited to loss of Bluetooth functionality rather than any system-wide compromise.
🎯 Exploit Status
Exploitation requires local access and the ability to have HCI commands queued while a Bluetooth controller is being unregistered, for example when a USB adapter is removed or its driver is unbound, since that is the path that sets HCI_UNREGISTER. Timing matters: the queued work has to run after the hci_dev has been freed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel commits 0b94f2651f56b9e4aa5f012b0d7eb57308c773cf and 1c69ef84a808676cceb69210addf5df45b741323
Vendor Advisory: https://git.kernel.org/stable/c/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix.
2. Check with your distribution vendor for the specific patched kernel versions.
3. Reboot the system after the kernel update.
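The shape of the defect and of the fix, as an added example that is not kernel source or the project's own code: struct hci_dev, the HCI_UNREGISTER bit and the queue below are simplified stand-ins (assumptions of this example). The vulnerable variant models hci_cmd_sync_queue() before the fix, which queued unconditionally; the fixed variant models the HCI_UNREGISTER check the fix adds, which returns -ENODEV. The scenario queues a command, marks the device as unregistering, and tries to queue again.

```c
/* Added example, not kernel source: models the check the fix adds to
 * hci_cmd_sync_queue(). struct hci_dev, the flag bit and the queue are
 * simplified stand-ins (assumptions of this example). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define HCI_UNREGISTER (1UL << 0)   /* stand-in for the kernel's HCI_UNREGISTER flag */

struct hci_dev;
typedef void (*cmd_func_t)(struct hci_dev *hdev, void *data);

struct cmd_entry {
    cmd_func_t func;
    void *data;
    struct cmd_entry *next;
};

struct hci_dev {
    unsigned long flags;
    struct cmd_entry *queue;    /* deferred commands a worker runs later */
    int queued;
};

typedef int (*queue_fn_t)(struct hci_dev *, cmd_func_t, void *);

static void noop_cmd(struct hci_dev *hdev, void *data) { (void)hdev; (void)data; }

/* Vulnerable shape: accepts the command no matter what state the device is in.
 * Once hci_unregister_dev() has begun, the worker that later drains this queue
 * runs against an hdev that may already have been freed. */
static int cmd_sync_queue_vuln(struct hci_dev *hdev, cmd_func_t func, void *data)
{
    struct cmd_entry *e = calloc(1, sizeof(*e));
    if (!e)
        return -ENOMEM;
    e->func = func;
    e->data = data;
    e->next = hdev->queue;
    hdev->queue = e;
    hdev->queued++;
    return 0;
}

/* Fixed shape: refuse new work once HCI_UNREGISTER is set; the upstream fix
 * returns -ENODEV from hci_cmd_sync_queue() in this case. */
static int cmd_sync_queue_fixed(struct hci_dev *hdev, cmd_func_t func, void *data)
{
    if (hdev->flags & HCI_UNREGISTER)
        return -ENODEV;
    return cmd_sync_queue_vuln(hdev, func, data);
}

static void drain_queue(struct hci_dev *hdev)
{
    while (hdev->queue) {
        struct cmd_entry *e = hdev->queue;
        hdev->queue = e->next;
        free(e);
    }
}

/* Same sequence for both variants: queue one command, start unregistration,
 * attempt to queue another. Returns how many commands ended up queued and
 * stores the second call's return code in *second_rc. */
int run_scenario(queue_fn_t queue, int *second_rc)
{
    struct hci_dev *hdev = calloc(1, sizeof(*hdev));
    int queued;

    if (!hdev)
        return -ENOMEM;
    queue(hdev, noop_cmd, NULL);            /* normal operation */
    hdev->flags |= HCI_UNREGISTER;          /* hci_unregister_dev() has started */
    *second_rc = queue(hdev, noop_cmd, NULL);
    queued = hdev->queued;
    drain_queue(hdev);
    free(hdev);
    return queued;
}

int run_vuln(int *rc)  { return run_scenario(cmd_sync_queue_vuln, rc); }
int run_fixed(int *rc) { return run_scenario(cmd_sync_queue_fixed, rc); }

int main(void)
{
    int rc_v = 0, rc_f = 0;
    int n_v = run_vuln(&rc_v);
    int n_f = run_fixed(&rc_f);
    printf("vulnerable shape: queued=%d, second queue rc=%d\n", n_v, rc_v);   /* 2, 0 */
    printf("fixed shape:      queued=%d, second queue rc=%d\n", n_f, rc_f);   /* 1, -ENODEV */
    return 0;
}
```

The property to check in a kernel you build yourself is the same one the scenario asserts: once hci_unregister_dev() has set HCI_UNREGISTER, no new entry may reach the sync-command queue, because the worker that drains it may run after the hci_dev is gone.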
🔧 Temporary Workarounds
Disable Bluetooth
Linux: temporarily disable Bluetooth so the affected code path cannot be reached
systemctl stop bluetooth
systemctl disable bluetooth
rfkill block bluetooth
Caveat: stopping bluetoothd and rfkill-blocking the radio leave the kernel Bluetooth code loaded. To take the affected code out of memory, also unload the driver and core modules (modprobe -r btusb bluetooth, adjusting for your adapter's driver) and blacklist them in /etc/modprobe.d/ so they are not reloaded on the next boot or hotplug. Where Bluetooth is built into the kernel rather than modular, only the kernel update removes the issue.
🧯 If You Can't Patch
- Disable Bluetooth functionality completely
- Restrict which local users can interact with Bluetooth: keep unprivileged accounts away from HCI sockets and the bluetoothd D-Bus interface, and limit who can attach, unbind or remove Bluetooth controllers, since controller unregistration is the trigger
🔍 How to Verify
Check if Vulnerable:
Confirm the Bluetooth subsystem is present (lsmod | grep bluetooth for a modular build, or ls /sys/class/bluetooth for a built-in one) and compare the running kernel against your distribution's advisory for CVE-2022-49136. A kernel whose Bluetooth subsystem is absent or blacklisted does not expose the affected path.
Check Version:
uname -r
Verify Fix Applied:
Confirm the running kernel is one your distribution lists as fixed for CVE-2022-49136. On distribution kernels the version string from uname -r is not conclusive on its own, because fixes are backported without changing the upstream version; check the package changelog instead (rpm -q --changelog kernel | grep CVE-2022-49136 on RPM systems, apt changelog linux-image-$(uname -r) on Debian-based systems), or confirm from the kernel source that hci_cmd_sync_queue() in net/bluetooth/hci_sync.c rejects commands when HCI_UNREGISTER is set.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Bluetooth subsystem crashes in dmesg
- Use-after-free reports in kernel logs: on KASAN-enabled kernels a "BUG: KASAN: use-after-free" line naming an hci_ function; on production kernels a general protection fault or oops whose call trace contains hci_ symbols from the bluetooth module
Network Indicators:
- Bluetooth controllers disappearing unexpectedly (adapter removal or driver unbind is the unregistration path that sets HCI_UNREGISTER)
- Bluetooth service failures or bluetoothd losing its adapter
SIEM Query:
source="kernel" AND ("panic" OR "oops" OR "use-after-free") AND "bluetooth"
Caveat: a kernel oops spans many log lines, and the crash header ("Oops:", "general protection fault", "BUG: KASAN: ...") usually sits on a different line from the hci_ frame in the call trace, so a per-line AND like the one above misses most production crashes. Group lines from the crash header to the "---[ end trace" line and match the Bluetooth terms anywhere in that block; exclude the "Modules linked in:" line, which names bluetooth on any host with the module loaded.
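Detection over log lines, as an added example that is not from the page or the kernel project: the log below is constructed for illustration, the symbol names in it (such as hci_cmd_sync_work) are chosen to look like what a fault in the Bluetooth worker would produce rather than taken from a real report, and the marker lists are assumptions of this example. It contrasts the per-line form of the SIEM query above with block-level matching over the whole oops.

```c
/* Added example (constructed log, not a real capture): groups kernel log lines
 * into oops/panic blocks and flags blocks whose frames touch the Bluetooth
 * subsystem, next to a per-line matcher in the spirit of the SIEM query. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample: a USB adapter is pulled, a production (non-KASAN) kernel
 * then faults in a Bluetooth worker, and an unrelated ext4 oops follows. */
static const char *sample_log[] = {
    "[ 1203.118] usb 1-1: USB disconnect, device number 4",
    "[ 1203.120] Bluetooth: hci0: command 0x0c03 tx timeout",
    "[ 1203.402] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP",
    "[ 1203.402] Modules linked in: btusb bluetooth ext4 xhci_pci",
    "[ 1203.402] RIP: 0010:__list_del_entry_valid+0x4c/0x70",
    "[ 1203.402] Call Trace:",
    "[ 1203.402]  hci_cmd_sync_work+0x1a0/0x2c0 [bluetooth]",
    "[ 1203.402]  process_one_work+0x3c4/0x6c0",
    "[ 1203.402] ---[ end trace 0000000000000000 ]---",
    "[ 1210.001] Oops: 0000 [#2] SMP",
    "[ 1210.001] Modules linked in: btusb bluetooth ext4 xhci_pci",
    "[ 1210.001] Call Trace:",
    "[ 1210.001]  ext4_readdir+0x10/0x20 [ext4]",
    "[ 1210.001] ---[ end trace 0000000000000000 ]---",
};

/* Markers that open and close an oops/panic report. */
static const char *block_start[] = { "BUG: ", "Oops: ", "general protection fault", "Kernel panic" };
static const char *block_end = "---[ end trace";
/* Markers that place a frame in the Bluetooth subsystem. Bare "bluetooth" is
 * deliberately not used: every oops prints "Modules linked in: ... bluetooth"
 * on any host with the module loaded, and that line also carries names like
 * xhci_pci that contain "hci_", so the module list is skipped entirely. */
static const char *bt_markers[] = { "hci_", "[bluetooth]", "[btusb]" };
static const char *crash_words[] = { "Kernel panic", "Oops:", "use-after-free", "general protection fault" };

static bool contains_any(const char *line, const char **needles, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strstr(line, needles[i]))
            return true;
    return false;
}

/* Per-line form of the SIEM query: a line must carry a crash keyword AND a
 * Bluetooth marker. Misses oopses where the two sit on different lines. */
int count_single_line_matches(const char **lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (contains_any(lines[i], crash_words, LEN(crash_words)) &&
            contains_any(lines[i], bt_markers, LEN(bt_markers)))
            hits++;
    return hits;
}

/* Block form: span from a start marker to the end-trace line (or the next
 * start marker / end of log) and flag it if any frame is Bluetooth code. */
int count_bluetooth_oops(const char **lines, size_t n)
{
    bool in_block = false, bt_seen = false;
    int hits = 0;

    for (size_t i = 0; i < n; i++) {
        const char *line = lines[i];
        if (contains_any(line, block_start, LEN(block_start))) {
            if (in_block && bt_seen)      /* previous report had no end-trace line */
                hits++;
            in_block = true;
            bt_seen = false;
        }
        if (!in_block)
            continue;
        if (strstr(line, "Modules linked in:") == NULL &&
            contains_any(line, bt_markers, LEN(bt_markers)))
            bt_seen = true;
        if (strstr(line, block_end)) {
            if (bt_seen)
                hits++;
            in_block = false;
            bt_seen = false;
        }
    }
    if (in_block && bt_seen)
        hits++;
    return hits;
}

int sample_single_line(void) { return count_single_line_matches(sample_log, LEN(sample_log)); }
int sample_block(void)       { return count_bluetooth_oops(sample_log, LEN(sample_log)); }

int main(void)
{
    printf("per-line matches: %d\n", sample_single_line());    /* 0: header and hci_ frame differ */
    printf("bluetooth oops blocks: %d\n", sample_block());     /* 1 */
    return 0;
}
```

On a KASAN kernel the header line itself reads "BUG: KASAN: use-after-free in hci_cmd_sync_work..." and the per-line query would match; the block form catches both that case and the production-kernel fault above, where the header names only a list helper and the Bluetooth frame appears further down the trace.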