CVE-2022-48971

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: Fix not cleanup led when bt_init fails

bt_init() calls bt_leds_init() to register led, but if it fails later,
bt_leds_cleanup() is not called to unregister it.

This can cause panic if the argument "bluetooth-power" in text is freed
and then another led_trigger_register() tries to access it:

BUG: unable to handle page fault for address: ffffffffc06d3bc0
RIP: 0010:strcmp+0xc/0x30
  Call Trace:
    <TASK>
    led_trigger_register+0x10d/0x4f0
    led_trigger_register_simple+0x7d/0x100
    bt_init+0x39/0xf7 [bluetooth]
    do_one_initcall+0xd0/0x4e0
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
LinuxCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
linuxlinux_kernel
4.9 ≤
𝑥
< 4.19.269
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.227
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.159
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.83
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.13
linuxlinux_kernel
6.1:rc1
linuxlinux_kernel
6.1:rc2
linuxlinux_kernel
6.1:rc3
linuxlinux_kernel
6.1:rc4
linuxlinux_kernel
6.1:rc5
linuxlinux_kernel
6.1:rc6
linuxlinux_kernel
6.1:rc7
linuxlinux_kernel
6.1:rc8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
References
https://git.kernel.org/stable/c/2c6cf0afc3856359e620e96edd952457d258e16c
https://git.kernel.org/stable/c/2f3957c7eb4e07df944169a3e50a4d6790e1c744
https://git.kernel.org/stable/c/5ecf7cd6fde5e72c87122084cf00d63e35d8dd9f
https://git.kernel.org/stable/c/8a66c3a94285552f6a8e45d73b34ebbad11d388b
https://git.kernel.org/stable/c/e7b950458156d410509a08c41930b75e72985938
https://git.kernel.org/stable/c/edf7284a98296369dd0891a0457eec37df244873