CVE-2022-49474

7.8 HIGH

📋 TL;DR

A race condition in the Linux kernel's Bluetooth subsystem allows use-after-free when connecting the same socket twice consecutively. This can lead to kernel memory corruption and potential system crashes or privilege escalation. Affects Linux systems with Bluetooth enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE; check kernel commit history for vulnerable code
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when Bluetooth subsystem is enabled and in use; systems without Bluetooth hardware or with Bluetooth disabled are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service, or potential privilege escalation to kernel mode execution if combined with other vulnerabilities.

🟠

Likely Case

System instability, crashes, or denial of service affecting Bluetooth functionality.

🟢

If Mitigated

Limited impact if Bluetooth is disabled or not in use; patched systems are protected.

🌐 Internet-Facing: LOW - Requires local access to Bluetooth stack, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Requires local access to system with Bluetooth enabled; could be exploited by malicious local users or malware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to create Bluetooth sockets; race condition makes exploitation timing-dependent.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 36c644c63bfcaee2d3a426f45e89a9cd09799318, 390d82733a953c1fabf3de9c9618091a7a9c90a6, 537f619dea4e3fa8ed1f8f938abffe3615794bcc, 65d347cb39e2e6bd0c2a745ad7c928998ebb0162, 6f55fac0af3531cf60d11369454c41f5fc81ab3f

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Bluetooth

Linux

Disable Bluetooth subsystem to prevent exploitation

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo modprobe -r btusb bluetooth

🧯 If You Can't Patch

  • Disable Bluetooth functionality completely
  • Restrict user access to Bluetooth sockets via SELinux/AppArmor policies

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched commits; examine if Bluetooth is active: 'lsmod | grep -i bluetooth'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version; check that Bluetooth functionality still works if needed

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Bluetooth subsystem crashes in dmesg
  • Use-after-free warnings in kernel logs

Network Indicators:

  • Unusual Bluetooth connection attempts
  • Multiple rapid socket connections

SIEM Query:

source="kernel" AND ("panic" OR "use-after-free" OR "sco_sock")
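
The SIEM query above ORs three broad terms, so it also returns panics and use-after-free reports unrelated to Bluetooth. The following added example (not part of the original advisory) ranks kernel log lines so that a use-after-free report naming a `sco_sock` symbol stands out; the function names, the severity ranking and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not captured from a real system).
sample_log() {
cat <<'EOF'
[  101.100000] Bluetooth: SCO socket layer initialized
[  412.552113] BUG: KASAN: use-after-free in sco_sock_timeout+0x5e/0x1c0
[  412.552140] Workqueue: events sco_sock_timeout
[  530.000100] BUG: KASAN: use-after-free in ext4_find_extent+0x2c/0x90
[  777.123456] Kernel panic - not syncing: Fatal exception
EOF
}

# classify_kernel_log (hypothetical helper): reads kernel log lines on stdin
# and prints "SEVERITY<TAB>line" for every line matching one of the page's
# indicators. Matching is case-insensitive. Ranking (an assumption):
#   HIGH   use-after-free report that names a sco_sock symbol
#   MEDIUM kernel panic, or a use-after-free report elsewhere in the kernel
#   LOW    any other line mentioning sco_sock (context for a nearby report)
classify_kernel_log() {
  awk '
    { l = tolower($0) }
    l ~ /use-after-free/ && l ~ /sco_sock/ { print "HIGH\t" $0; next }
    l ~ /kernel panic/                     { print "MEDIUM\t" $0; next }
    l ~ /use-after-free/                   { print "MEDIUM\t" $0; next }
    l ~ /sco_sock/                         { print "LOW\t" $0; next }
  '
}

# count_severity (hypothetical helper): $1 = severity label; reads the output
# of classify_kernel_log on stdin and prints how many lines carry that label.
count_severity() {
  awk -F'\t' -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample.
sample_log | classify_kernel_log
```

On a live host, pipe `dmesg` or `journalctl -k` into `classify_kernel_log` instead of the sample.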
