CVE-2022-49116: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49116 is a vulnerability in the Linux kernel's Bluetooth subsystem, specifically related to memory leaks in the l2cap_ecred_connect function. The vulnerability was discovered by Zeal Robot and reported on February 26, 2025. The issue affects the Linux kernel's Bluetooth implementation (Debian Tracker).

The vulnerability stems from uninitialized memory structures in the l2cap_ecred_connect function within the Linux kernel's Bluetooth subsystem. The issue occurs due to missing initialization of data structures before they are used in Bluetooth L2CAP (Logical Link Control and Adaptation Protocol) connections. The vulnerability has been assigned a CVSS v3 Base Score of 5.5 (Medium), with an attack vector that is local and requires low privileges (AttackerKB).

The vulnerability can lead to memory leaks in the Linux kernel's Bluetooth subsystem when establishing L2CAP connections. This could potentially affect system stability and resource management in systems where Bluetooth functionality is actively used (Kernel Commit).

The vulnerability has been fixed by adding proper memory initialization using memset to prevent memory leaks in the l2cap_ecred_connect function. The fix has been implemented in various Linux kernel versions, including 5.10.223-1 for Debian bullseye and 6.1.129-1 for bookworm (Debian Tracker).