CVE-2022-49111: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49111 is a use-after-free vulnerability in the Linux kernel's Bluetooth subsystem, specifically in the hcisendacl function. The vulnerability was discovered when receiving HCIEVDISCONNPHYLINKCOMPLETE events, where hciconndel was called without first verifying if conn->type is AMPLINK and properly cleaning up upper layers with hcidisconncfm (Kernel Commit).

The vulnerability occurs in the Bluetooth subsystem's handling of physical link disconnection events. When an HCIEVDISCONNPHYLINK_COMPLETE event is received, the code fails to properly verify the connection type before deletion, leading to a use-after-free condition. The issue manifests when accessing memory at specific addresses after it has been freed, as demonstrated by KASAN (Kernel Address Sanitizer) reports showing invalid memory access (Kernel Commit).

This vulnerability could lead to use-after-free conditions in the kernel's Bluetooth subsystem, potentially resulting in system crashes, memory corruption, or possible privilege escalation. The issue affects systems using the Linux kernel's Bluetooth stack, particularly when handling AMP (Alternate MAC/PHY) link disconnections (Kernel Commit).

The vulnerability has been fixed by adding proper type checking before calling hciconndel and ensuring proper cleanup of upper layers with hcidisconncfm. The fix involves modifying the hcidisconnphylinkcompleteevt function to verify that the connection type is AMP_LINK before proceeding with the deletion (Kernel Commit).