5.5
CVE-2022-50374
- EPSS 0.19%
- Veröffentlicht 17.09.2025 14:56:28
- Zuletzt bearbeitet 14.01.2026 19:16:10
- CVE-Watchlists
- Unerledigt
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1],
for rcu_sync_enter() is called without rcu_sync_init() due to
hci_uart_tty_open() ignoring percpu_init_rwsem() failure.
While we are at it, fix that hci_uart_register_device() ignores
percpu_init_rwsem() failure and hci_uart_unregister_device() does not
call percpu_free_rwsem().Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.14.63 < 4.15
Linux ≫ Linux Kernel Version >= 4.14.63 < 5.10.150
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.75
Linux ≫ Linux Kernel Version >= 5.16 < 5.19.17
Linux ≫ Linux Kernel Version >= 6.0 < 6.0.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.088 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://git.kernel.org/stable/c/d7cc0d51ffcbfd1caaa809fcf9cff05c46d0fb4d
https://git.kernel.org/stable/c/b8917dce2134739b39bc0a5648b18427f2cad569
https://git.kernel.org/stable/c/75b2c71ea581c7bb1303860d89366a42ad0506d2
https://git.kernel.org/stable/c/98ce10f3f345e61fc6c83bff9cd11cda252b05ac
https://git.kernel.org/stable/c/3124d320c22f3f4388d9ac5c8f37eaad0cefd6b1