NVD Vulnerability Detail

CVE-2022-48971

Summary	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix not cleanup led when bt_init fails bt_init() calls bt_leds_init() to register led, but if it fails later, bt_leds_cleanup() is not called to unregister it. This can cause panic if the argument "bluetooth-power" in text is freed and then another led_trigger_register() tries to access it: BUG: unable to handle page fault for address: ffffffffc06d3bc0 RIP: 0010:strcmp+0xc/0x30 Call Trace: <TASK> led_trigger_register+0x10d/0x4f0 led_trigger_register_simple+0x7d/0x100 bt_init+0x39/0xf7 [bluetooth] do_one_initcall+0xd0/0x4e0
Publication Date	Oct. 22, 2024, 5:15 a.m.
Registration Date	Oct. 22, 2024, 12:01 p.m.
Last Update	Oct. 26, 2024, 12:23 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b	Patch
2	https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c	Patch
3	https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938	Patch
4	https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873	Patch
5	https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f	Patch
6	https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744	Patch

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における脆弱性

Title	Linux の Linux Kernel における脆弱性
Summary	Linux の Linux Kernel には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 2, 2022, midnight
Registration Date	Oct. 28, 2024, 2:45 p.m.
Last Update	Oct. 28, 2024, 2:45 p.m.

Affected System

Linux

Linux Kernel 4.20 以上 5.4.227 未満

Linux Kernel 4.9 以上 4.19.269 未満

Linux Kernel 5.11 以上 5.15.83 未満

Linux Kernel 5.16 以上 6.0.13 未満

Linux Kernel 5.5 以上 5.10.159 未満

Linux Kernel 6.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-48971	https://www.cve.org/CVERecord?id=CVE-2022-48971
National Vulnerability Database (NVD)
2	CVE-2022-48971	https://nvd.nist.gov/vuln/detail/CVE-2022-48971

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	Bluetooth: Fix not cleanup led when bt_init fails (2c6cf0a)	https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c
2	Bluetooth: Fix not cleanup led when bt_init fails (2f3957c)	https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744
3	Bluetooth: Fix not cleanup led when bt_init fails (5ecf7cd)	https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f
4	Bluetooth: Fix not cleanup led when bt_init fails (8a66c3a)	https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b
5	Bluetooth: Fix not cleanup led when bt_init fails (e7b9504)	https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938
6	Bluetooth: Fix not cleanup led when bt_init fails (edf7284)	https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873
Linux Kernel
7	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2024年10月28日] 掲載	Oct. 28, 2024, 11:58 a.m.