一、 漏洞 CVE-2022-49474 基础信息
漏洞标题
蓝牙:修复悬空的sco_conn及sco_sock_timeout中的释放后使用问题
来源:AIGC 神龙大模型
漏洞描述信息
N/A
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
来源:AIGC 神龙大模型
漏洞类别
释放后使用
来源:AIGC 神龙大模型
漏洞标题
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-free problem happens when the timer callback function sco_sock_timeout() accesses the socket. Here's the call trace: dump_stack+0x107/0x163 ? refcount_inc+0x1c/ print_address_description.constprop.0+0x1c/0x47e ? refcount_inc+0x1c/0x7b kasan_report+0x13a/0x173 ? refcount_inc+0x1c/0x7b check_memory_region+0x132/0x139 refcount_inc+0x1c/0x7b sco_sock_timeout+0xb2/0x1ba process_one_work+0x739/0xbd1 ? cancel_delayed_work+0x13f/0x13f ? __raw_spin_lock_init+0xf0/0xf0 ? to_kthread+0x59/0x85 worker_thread+0x593/0x70e kthread+0x346/0x35a ? drain_workqueue+0x31a/0x31a ? kthread_bind+0x4b/0x4b ret_from_fork+0x1f/0x30
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2022-49474 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2022-49474 的情报信息

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2022-49474