CVE-2022-50419

7.8 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's Bluetooth subsystem occurs when device_add() is called multiple times for the same device structure, violating kernel API rules. This can cause a kernel panic (system crash) when handling certain Bluetooth events. Systems running affected Linux kernel versions with Bluetooth enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not explicitly stated in CVE; check kernel commit history for exact ranges
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Bluetooth enabled and using the hci_sysfs module. The vulnerability was discovered by the syzkaller fuzzer.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to complete system crash and denial of service, potentially requiring physical access to reboot the system.

🟠 Likely Case

System crash or instability when specific Bluetooth events trigger the double device_add() call, causing service disruption.

🟢 If Mitigated

Minimal impact if Bluetooth is disabled or the system is patched; otherwise, potential crashes during Bluetooth operations.

🌐 Internet-Facing: LOW - This vulnerability requires local access or Bluetooth proximity; not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Internal attackers with Bluetooth access could potentially trigger crashes, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific Bluetooth events that cause the double device_add() call. The syzkaller report suggests it's triggerable but not trivial.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 1b6c89571f453101251201f0fad1c26f7256e937, 3423a50fa018e88aed4c900d59c3c8334d8ad583, 448a496f760664d3e2e79466aa1787e6abc922b5, 4bcefec3636208b4c97536b26014d5935d5c10a0, 6144423712d570247b8ca26e50a277c30dd13702

Vendor Advisory: https://git.kernel.org/stable/c/1b6c89571f453101251201f0fad1c26f7256e937

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Disable Bluetooth functionality to prevent triggering the vulnerability

sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth

Blacklist hci_sysfs module

linux

Prevent loading of the vulnerable hci_sysfs kernel module

echo 'blacklist hci_sysfs' | sudo tee /etc/modprobe.d/blacklist-hci_sysfs.conf
sudo update-initramfs -u
sudo reboot

🧯 If You Can't Patch

  • Disable Bluetooth functionality completely on affected systems
  • Implement strict access controls to prevent unauthorized Bluetooth connections

🔍 How to Verify

Check if Vulnerable:

Check if Bluetooth is enabled and kernel version is unpatched: 'systemctl status bluetooth' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and Bluetooth functions normally after patch: 'uname -r' and test Bluetooth connectivity

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Bluetooth subsystem crash logs
  • System crash/reboot events

Network Indicators:

  • Unusual Bluetooth connection attempts
  • Bluetooth service disruptions

SIEM Query:

source="kernel" AND ("list_debug.c:33" OR "invalid opcode" OR "hci_sysfs" OR "device_add multiple times")
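
The same indicators applied to plain kernel log text on a single host, as an added example that is not part of the original advisory or the kernel project. The function names `sample_log`, `count_hits` and `triage` are hypothetical, and the sample lines are constructed rather than captured from a real system.

```shell
#!/bin/sh
# Added example: applies this page's SIEM indicator strings to kernel log text.
# Usage on a live host:  dmesg | triage    or    journalctl -k | count_hits

# Constructed sample input (not captured from a real system).
sample_log() {
cat <<'EOF'
kernel: usb 1-1: new full-speed USB device number 2 using xhci_hcd
kernel: kernel BUG at lib/list_debug.c:33!
kernel: invalid opcode: 0000 [#1] PREEMPT SMP
kernel: Bluetooth: hci0: constructed sample line
EOF
}

# count_hits: reads log text on stdin and prints "count<TAB>indicator"
# for each string in the page's SIEM query (fixed-string match, no regex).
count_hits() {
    log=$(cat)
    for ind in 'list_debug.c:33' 'invalid opcode' 'hci_sysfs' \
               'device_add multiple times'; do
        # grep -c exits 1 on zero matches; "|| true" keeps the printed 0.
        n=$(printf '%s\n' "$log" | grep -cF -- "$ind" || true)
        printf '%s\t%s\n' "$n" "$ind"
    done
}

# triage: "invalid opcode" accompanies any BUG() on x86, so on its own it is
# only a generic oops. Report "review" when one of the more specific
# indicators from the query is present.
triage() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -qF -e 'list_debug.c:33' \
            -e 'hci_sysfs' -e 'device_add multiple times'; then
        echo review
    elif printf '%s\n' "$log" | grep -qF 'invalid opcode'; then
        echo generic-oops
    else
        echo clean
    fi
}
```
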
