{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48971", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-22T01:27:53.629Z", "datePublished": "2024-10-21T20:05:52.363Z", "dateUpdated": "2025-05-04T08:27:10.417Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:27:10.417Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n <TASK>\n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/af_bluetooth.c"], "versions": [{"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "8a66c3a94285552f6a8e45d73b34ebbad11d388b", "status": "affected", "versionType": "git"}, {"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "2c6cf0afc3856359e620e96edd952457d258e16c", "status": "affected", "versionType": "git"}, {"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "e7b950458156d410509a08c41930b75e72985938", "status": "affected", "versionType": "git"}, {"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "edf7284a98296369dd0891a0457eec37df244873", "status": "affected", "versionType": "git"}, {"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f", "status": "affected", "versionType": "git"}, {"version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "2f3957c7eb4e07df944169a3e50a4d6790e1c744", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/af_bluetooth.c"], "versions": [{"version": "4.9", "status": "affected"}, {"version": "0", "lessThan": "4.9", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.269", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.227", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.159", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.83", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.13", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "4.19.269"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.4.227"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.10.159"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "5.15.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9", "versionEndExcluding": "6.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b"}, {"url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c"}, {"url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938"}, {"url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873"}, {"url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f"}, {"url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744"}], "title": "Bluetooth: Fix not cleanup led when bt_init fails", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:19:08.445851Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:37.798Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:19:08.445851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:19:11.542Z"}}], "cna": {"title": "Bluetooth: Fix not cleanup led when bt_init fails", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "8a66c3a94285552f6a8e45d73b34ebbad11d388b", "versionType": "git"}, {"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "2c6cf0afc3856359e620e96edd952457d258e16c", "versionType": "git"}, {"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "e7b950458156d410509a08c41930b75e72985938", "versionType": "git"}, {"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "edf7284a98296369dd0891a0457eec37df244873", "versionType": "git"}, {"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f", "versionType": "git"}, {"status": "affected", "version": "e64c97b53bc6727aa4385535166aaa047281e02d", "lessThan": "2f3957c7eb4e07df944169a3e50a4d6790e1c744", "versionType": "git"}], "programFiles": ["net/bluetooth/af_bluetooth.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.9"}, {"status": "unaffected", "version": "0", "lessThan": "4.9", "versionType": "semver"}, {"status": "unaffected", "version": "4.19.269", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.227", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.159", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.83", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.0.13", "versionType": "semver", "lessThanOrEqual": "6.0.*"}, {"status": "unaffected", "version": "6.1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/bluetooth/af_bluetooth.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b"}, {"url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c"}, {"url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938"}, {"url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873"}, {"url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f"}, {"url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n <TASK>\n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:11:37.839Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48971", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:11:37.839Z", "dateReserved": "2024-08-22T01:27:53.629Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T20:05:52.363Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "583D408E-67CE-427E-9097-897D64F9D40E", "versionEndExcluding": "4.19.269", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C752145-904B-474A-A7F2-E9F29353B0FE", "versionEndExcluding": "5.4.227", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7318B597-DFFD-4BBC-A947-539D6E30D82A", "versionEndExcluding": "5.10.159", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "90897BD1-104D-4CFF-94F5-29F9041217FB", "versionEndExcluding": "5.15.83", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "389392A7-81C4-4C26-884B-8C7CF0F53DA4", "versionEndExcluding": "6.0.13", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "17F0B248-42CF-4AE6-A469-BB1BAE7F4705", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "E2422816-0C14-4B5E-A1E6-A9D776E5C49B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*", "matchCriteriaId": "3FFFB0B3-930D-408A-91E2-BAE0C2715D80", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*", "matchCriteriaId": "8535320E-A0DB-4277-800E-D0CE5BBA59E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*", "matchCriteriaId": "21718AA4-4056-40F2-968E-BDAA465A7872", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix not cleanup led when bt_init fails\n\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\n\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\n\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\n Call Trace:\n <TASK>\n led_trigger_register+0x10d/0x4f0\n led_trigger_register_simple+0x7d/0x100\n bt_init+0x39/0xf7 [bluetooth]\n do_one_initcall+0xd0/0x4e0"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: Se solucion\u00f3 el problema de no limpiar el led cuando bt_init fallo bt_init() llama a bt_leds_init() para registrar el led, pero si falla m\u00e1s tarde, no se llama a bt_leds_cleanup() para anular su registro. Esto puede causar p\u00e1nico si se libera el argumento \"bluetooth-power\" en el texto y luego otro led_trigger_register() intenta acceder a \u00e9l: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Seguimiento de llamadas: led_trigger_register+0x10d/0x4f0 led_trigger_register_simple+0x7d/0x100 bt_init+0x39/0xf7 [bluetooth] do_one_initcall+0xd0/0x4e0"}], "id": "CVE-2022-48971", "lastModified": "2024-10-25T15:23:38.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T20:15:09.260", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: Fix not cleanup led when bt_init fails", "id": "2320767", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320767"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: Fix not cleanup led when bt_init fails\nbt_init() calls bt_leds_init() to register led, but if it fails later,\nbt_leds_cleanup() is not called to unregister it.\nThis can cause panic if the argument \"bluetooth-power\" in text is freed\nand then another led_trigger_register() tries to access it:\nBUG: unable to handle page fault for address: ffffffffc06d3bc0\nRIP: 0010:strcmp+0xc/0x30\nCall Trace:\n<TASK>\nled_trigger_register+0x10d/0x4f0\nled_trigger_register_simple+0x7d/0x100\nbt_init+0x39/0xf7 [bluetooth]\ndo_one_initcall+0xd0/0x4e0", "A denial of service panic vulnerability was found in the Linux kernel's Bluetooth subsystem. When the bt_init() function call fails, bt_leds_cleanup() is not called to unregister it, which can lead to a panic, resulting in the system's loss of availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-48971", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-48971\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48971\nhttps://lore.kernel.org/linux-cve-announce/2024102144-CVE-2022-48971-6025@gregkh/T"], "threat_severity": "Moderate"}

{}