CVE-2022-49754: 
Linux Kernel vulnerability analysis and mitigation

A buffer overflow vulnerability was identified in the Linux kernel's Bluetooth subsystem, specifically in the mgmtmeshadd() function. The vulnerability was assigned CVE-2022-49754. The issue involves a size mismatch between a destination buffer (mesh_tx->param) of size 48 bytes and potential data of up to 50 bytes (NVD).

The vulnerability exists in the net/bluetooth/mgmtutil.c file at line 375. The technical root cause is that meshtx->param is an array of size 48 (calculated as sizeof(struct mgmtcpmeshsend) + 29, which equals 19 + 29 = 48). However, in the meshsend caller, the length check only rejects when len > 50 (MGMTMESHSEND_SIZE + 31, which equals 19 + 31 = 50). This mismatch creates a potential buffer overflow condition of 2 bytes (NVD).

The buffer overflow vulnerability could allow an attacker to write beyond the intended buffer boundaries in the Linux kernel's Bluetooth subsystem. This could potentially lead to memory corruption and system instability (NVD).

The vulnerability has been resolved in the Linux kernel through a patch that fixes the buffer overflow in mgmtmeshadd(). The fix addresses the size mismatch between the buffer and the potential data length (NVD).