CVE-2022-49555: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49555 affects the Linux kernel's Bluetooth HCI QCA driver. The vulnerability was discovered when investigating a crash report related to timer list corruption, which occurs when a timer is freed while still active. This issue specifically involves the improper use of deltimer() instead of deltimersync() in the hciqca driver before freeing resources (Kernel Commit).

The vulnerability exists in the qcaclose function within the drivers/bluetooth/hciqca.c file. The issue stems from using deltimer() instead of deltimersync() for handling txidletimer and wakeretranstimer, while the wakeretranstimer could potentially be rearmed via the work queue. The fix involves moving the destruction of the work queue before deltimer_sync() calls to prevent potential race conditions (Kernel Commit).

The vulnerability can lead to timer list corruption and system crashes when the affected timers are freed while still active. This particularly affects systems using the QCA Bluetooth chipset with UART interface (Kernel Commit).

The issue has been fixed by replacing deltimer() calls with deltimersync() and reorganizing the cleanup sequence in the qcaclose function. The fix ensures proper synchronization when freeing timer resources and prevents potential race conditions. Users should update to a patched version of the Linux kernel that includes this fix (Kernel Commit).