CVE-2022-50386

8.0 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's Bluetooth L2CAP subsystem that allows an attacker to potentially execute arbitrary code or cause a denial of service. It affects Linux systems with Bluetooth enabled and requires local access or the ability to send malicious Bluetooth packets to the target system.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when Bluetooth is enabled and in use. Systems without Bluetooth hardware or with Bluetooth disabled are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel-level arbitrary code execution leading to full system compromise, privilege escalation, or persistent root access.

🟠

Likely Case

Kernel panic or system crash causing denial of service, potentially requiring physical reboot.

🟢

If Mitigated

Limited impact if Bluetooth is disabled or proper network segmentation prevents Bluetooth access from untrusted sources.

🌐 Internet-Facing: LOW - Requires Bluetooth proximity or local network access; not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Exploitable by attackers with local access or on the same Bluetooth network segment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to send malicious Bluetooth packets to the target. Local access or Bluetooth proximity needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits: 0c108cf3ad386e0084277093b55a351c49e0be27, 11e40d6c0823f699d8ad501e48d1c3ae4be386cd, 15fc21695eb606bdc5d483b92118ee42610a952d, 35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f, 6ffde6e03085874ae22263ff4cef4869f797e84f

Vendor Advisory: https://git.kernel.org/stable/c/0c108cf3ad386e0084277093b55a351c49e0be27

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Completely disable the Bluetooth subsystem to prevent exploitation

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth

Disable L2CAP protocol

linux

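Block the L2CAP Bluetooth protocol if Bluetooth must remain enabled. Note that the commands below bring the hci0 adapter down and unload the btusb and bluetooth kernel modules, so Bluetooth is unavailable until the modules are loaded again.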

sudo hciconfig hci0 down
sudo modprobe -r btusb
sudo modprobe -r bluetooth

🧯 If You Can't Patch

  • Disable Bluetooth completely on affected systems
  • Implement strict network segmentation to isolate Bluetooth traffic from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions. Check if Bluetooth is active: 'systemctl status bluetooth' and 'hciconfig'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version. Check system logs for Bluetooth-related crashes.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN use-after-free reports in dmesg
  • Bluetooth subsystem crashes in system logs

Network Indicators:

  • Unusual Bluetooth connection attempts
  • Malformed Bluetooth packets

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "l2cap" OR "Bluetooth crash")
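
The query above ORs its terms, so it matches any kernel line that contains just one of them. As an added example (not part of the original advisory), the shell function below keeps only KASAN use-after-free reports whose header or call trace contains an `l2cap_*` symbol; the function name, the 40-line search window and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report KASAN use-after-free splats that involve an l2cap_* symbol.
# Reads kernel log text on stdin, e.g. `dmesg | scan_l2cap_uaf`.
# $1 = how many lines after the report header to search (default 40).
scan_l2cap_uaf() {
    awk -v window="${1:-40}" '
        # Every KASAN report starts with a "BUG: KASAN: <type> in <symbol>" header.
        /BUG: KASAN:/ {
            in_report = 0
            # Substring match also covers the "slab-use-after-free" wording.
            if ($0 ~ /use-after-free/) {
                in_report = 1; left = window; header = $0
                sub(/^.*BUG: KASAN: /, "BUG: KASAN: ", header)
            }
        }
        in_report {
            # Search the header and the call trace for an L2CAP function.
            if (match($0, /l2cap_[A-Za-z0-9_]+/)) {
                print header " | " substr($0, RSTART, RLENGTH)
                in_report = 0
            } else if (--left <= 0) {
                in_report = 0
            }
        }
    '
}

# Constructed sample log (not taken from a real system or from the advisory).
sample_log() {
    cat <<'EOF'
[  101.000001] Bluetooth: hci0: command 0x0c24 tx timeout
[  212.345679] BUG: KASAN: use-after-free in __mutex_lock+0x1a2/0x9f0
[  212.345680] Read of size 8 at addr ffff888000000000 by task kworker/u5:0/77
[  212.345681] Call Trace:
[  212.345682]  dump_stack_lvl+0x45/0x59
[  212.345683]  __mutex_lock+0x1a2/0x9f0
[  212.345684]  l2cap_recv_frame+0x3c1/0x4a0 [bluetooth]
[  300.000001] BUG: KASAN: use-after-free in ext4_find_extent+0x10/0x20
[  300.000002] Call Trace:
[  300.000003]  ext4_find_extent+0x10/0x20
[  400.000001] BUG: KASAN: slab-out-of-bounds in l2cap_parse_conf_req+0x1/0x2 [bluetooth]
EOF
}

sample_log | scan_l2cap_uaf
```

On the sample, only the first report is printed: the ext4 report has no L2CAP frame, and the last report is not a use-after-free.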
