CVE-2022-49474: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49474 is a vulnerability in the Linux kernel's Bluetooth subsystem, specifically affecting the SCO (Synchronous Connection-Oriented) socket implementation. The vulnerability was discovered and disclosed in February 2025. The issue occurs when connecting the same socket twice consecutively in scosockconnect(), which could lead to a race condition where two sco_conn objects are created but only one is associated with the socket (Kernel Git).

The vulnerability is a use-after-free issue in the scosocktimeout function. When a socket is closed before the SCO connection is established, the timer associated with the dangling scoconn object isn't canceled. This leads to a use-after-free condition when the timer callback function scosock_timeout() attempts to access the freed socket object. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to potentially execute code or cause system crashes through memory corruption. The issue affects the kernel's Bluetooth subsystem, which could impact any system using Bluetooth SCO connections (Red Hat).

The vulnerability has been fixed in the Linux kernel through a patch that modifies the scosockconnect() function to properly handle socket state checks and lock ordering. The fix involves moving the lock_sock(sk) call earlier in the function and adding proper error handling (Kernel Git).