CVE-2022-49909: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-49909) was discovered in the Linux kernel's Bluetooth L2CAP implementation, specifically in the l2capconndel() function. The vulnerability affects multiple versions of the Linux kernel and was disclosed on May 1, 2025 (NVD, Wiz).

The vulnerability occurs when l2caprecvframe() is invoked to receive data with cid L2CAPCIDA2MP. If the channel does not exist, it creates a channel without performing a hold operation, resulting in a reference counting issue. The channel's reference count is initially set to 2, then decremented to 1 by l2capchanput(). When hcierrorreset() is triggered, l2capconndel() invokes the close hook function of A2MP to release the channel, leading to a use-after-free condition during l2capchanunlock(). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a denial of service (system crash) or potentially execute arbitrary code through the Bluetooth subsystem, potentially compromising system security (Wiz).

The vulnerability has been fixed in the Linux kernel through patches that address the reference counting issue in the L2CAP implementation. Users are advised to update their Linux kernel to a version that includes these security fixes (NVD).