PT-2025-8066 · Linux+2 · Linux Kernel+2

Luiz Augusto Von Dentz +1 · Published 2022-01-01 · Updated 2026-05-26 · CVE-2022-49138

CVSS v3.1: 5.7 Medium

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A memory corruption issue exists because devices are registered multiple times when multiple connection complete events are received for the same handle. To address this, the code now ignores subsequent events for a single connection. The introduction of HCI_CONN_HANDLE_UNSET helps identify new connections, and checks against HCI_CONN_HANDLE_MAX prevent the use of invalid handles.

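A user-space model of the guard described above, added here as an illustration; it is not the kernel patch. Only the two constant names come from the advisory; the struct, the function names and the numeric constant values are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Names from the advisory; numeric values are assumptions of this model. */
#define HCI_CONN_HANDLE_UNSET 0xffff
#define HCI_CONN_HANDLE_MAX   0x0eff

enum evt_result { EVT_ACCEPTED, EVT_DUPLICATE_IGNORED, EVT_INVALID_HANDLE };

/* Hypothetical stand-in for a connection object. */
struct model_conn {
    uint16_t handle;     /* HCI_CONN_HANDLE_UNSET until the connection completes */
    int registrations;   /* how many times the device was registered */
};

static void model_conn_init(struct model_conn *c)
{
    c->handle = HCI_CONN_HANDLE_UNSET;
    c->registrations = 0;
}

/* Process one "connection complete" event for this connection. */
static enum evt_result model_conn_complete(struct model_conn *c, uint16_t handle)
{
    /* A handle that is already set means this connection completed before. */
    if (c->handle != HCI_CONN_HANDLE_UNSET)
        return EVT_DUPLICATE_IGNORED;

    /* Reject out-of-range handles, which also covers the sentinel value. */
    if (handle > HCI_CONN_HANDLE_MAX)
        return EVT_INVALID_HANDLE;

    c->handle = handle;
    c->registrations++;  /* stands in for the one-time device registration */
    return EVT_ACCEPTED;
}

int main(void)
{
    /* Constructed event sequence: invalid handle, valid handle, repeat. */
    uint16_t events[] = { 0x0f00, 0x0001, 0x0001 };
    struct model_conn c;

    model_conn_init(&c);
    for (unsigned i = 0; i < 3; i++)
        printf("handle 0x%04x -> %d\n", events[i],
               model_conn_complete(&c, events[i]));
    printf("registrations: %d\n", c.registrations);
    return 0;
}
```
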
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

AZL-67673
BDU:2026-01260
CVE-2022-49138
SUSE-SU-2025:02588-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:02849-1
SUSE-SU-2025:02851-1
SUSE-SU-2025:02852-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:2588-1
SUSE-SU-2025:3761-1
SUSE-SU-2025_02588-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02849-1
SUSE-SU-2025_1241-1

Affected Products

Debian
Linux Kernel
Suse