CVE-2022-48878: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48878 affects the Linux kernel's Bluetooth driver hci_qca. The vulnerability was discovered in the driver shutdown callback functionality, which sends EDL_SOC_RESET to the device over serdev. The issue was identified when the callback was invoked while the HCI device was not open, leading to a use-after-free condition during system reboot with Qualcomm Atheros Bluetooth devices. This vulnerability affects Linux kernel versions from 5.8 up to (excluding) 6.1.8 (NVD).

The vulnerability occurs when the driver shutdown callback is executed while the HCI device is not open (for example, if hci_dev_open_sync() fails). In this scenario, since the serdev and its TTY are not open, attempting to access them leads to a use-after-free condition. The issue is triggered specifically during system reboot with Qualcomm Atheros Bluetooth devices, particularly affecting the QCA6390 chipset. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability can lead to a kernel panic during system reboot. The use-after-free condition can potentially result in memory corruption, system crashes, and possible privilege escalation. The vulnerability affects systems using Qualcomm Atheros Bluetooth devices, particularly those with the QCA6390 chipset (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that adds additional checks before executing the shutdown callback. The fix involves checking if the device is powered off (QCA_BT_OFF flag) or if the HCI device is not running (HCI_RUNNING flag) before proceeding with the shutdown sequence. Users should update to Linux kernel version 6.1.8 or later to receive the fix (Kernel Patch).