CVE-2022-49910: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's Bluetooth L2CAP implementation (CVE-2022-49910). The vulnerability was disclosed on May 1, 2025, affecting the Linux kernel's Bluetooth subsystem. The issue occurs in the L2CAP (Logical Link Control and Adaptation Protocol) component due to a race condition between parallel flows involving l2capreassemblesdu and btsockrecvmsg functions (NVD).

The vulnerability stems from a race condition between two parallel flows: 1) l2capreassemblesdu -> chan->ops->recv (l2capsockrecvcb) -> _sockqueuercvskb and 2) btsockrecvmsg -> skbrecvdatagram, skbfreedatagram. An SKB (socket buffer) can be queued by the first flow and immediately dequeued and freed by the second flow. After l2capreassemblesdu returns, some code paths continue accessing struct l2capctrl that resides in the freed SKB's CB, leading to a use-after-free condition (Red Hat).

The vulnerability could lead to a use-after-free condition in the Linux kernel's Bluetooth subsystem, potentially resulting in system crashes, memory corruption, or possible privilege escalation. The issue affects systems using the Linux kernel's Bluetooth functionality (NVD).

The vulnerability has been resolved in the Linux kernel by fixing the race condition through keeping a local copy of struct l2cap_ctrl. Users are advised to update their Linux kernel to a version containing the fix (NVD).