CVE-2022-49908

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak has been identified in the Linux kernel's Bluetooth L2CAP implementation. The issue arises when the HCI core processes ACL data packets without freeing the skb, specifically when the start fragment does not contain the L2CAP length. This triggers a memory leak, as reported by Syzkaller. The problem occurs in the l2cap recv acldata() function, where the skb is copied into conn->rx skb without being freed. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the patch that releases the relative skb after processing the case in l2cap recv acldata(). As a temporary workaround, consider disabling the vhci write function until a patch is available. Restrict access to the vulnerable l2cap recv acldata() function to minimize the risk of exploitation. Avoid using the conn->rx skb variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.