{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50386","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:53:06.997Z","datePublished":"2025-09-18T13:33:07.191Z","dateUpdated":"2026-05-11T19:18:32.010Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:18:32.010Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix user-after-free\n\nThis uses l2cap_chan_hold_unless_zero() after calling\n__l2cap_get_chan_blah() to prevent the following trace:\n\nBluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref\n*kref)\nBluetooth: chan 0000000023c4974d\nBluetooth: parent 00000000ae861c08\n==================================================================\nBUG: KASAN: use-after-free in __mutex_waiter_is_first\nkernel/locking/mutex.c:191 [inline]\nBUG: KASAN: use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:671 [inline]\nBUG: KASAN: use-after-free in __mutex_lock+0x278/0x400\nkernel/locking/mutex.c:729\nRead of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/l2cap_core.c"],"versions":[{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"11e40d6c0823f699d8ad501e48d1c3ae4be386cd","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"843fc4e386dd84b806a7f07fb062d8c3a44e5364","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"d91fc2836562f299f34e361e089e9fe154da4f73","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"7d6f9cb24d2b2f6b6370eac074e2e6b1bafdad45","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"0c108cf3ad386e0084277093b55a351c49e0be27","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"d1e894f950ad48897d1a7cb05909ea29d8c3810e","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"6ffde6e03085874ae22263ff4cef4869f797e84f","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"15fc21695eb606bdc5d483b92118ee42610a952d","status":"affected","versionType":"git"},{"version":"3df91ea20e744344100b10ae69a17211fcf5b207","lessThan":"35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/l2cap_core.c"],"versions":[{"version":"3.4","status":"affected"},{"version":"0","lessThan":"3.4","status":"unaffected","versionType":"semver"},{"version":"4.9.331","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.296","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.262","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"4.9.331"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"4.14.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"4.19.262"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11e40d6c0823f699d8ad501e48d1c3ae4be386cd"},{"url":"https://git.kernel.org/stable/c/843fc4e386dd84b806a7f07fb062d8c3a44e5364"},{"url":"https://git.kernel.org/stable/c/d91fc2836562f299f34e361e089e9fe154da4f73"},{"url":"https://git.kernel.org/stable/c/7d6f9cb24d2b2f6b6370eac074e2e6b1bafdad45"},{"url":"https://git.kernel.org/stable/c/0c108cf3ad386e0084277093b55a351c49e0be27"},{"url":"https://git.kernel.org/stable/c/d1e894f950ad48897d1a7cb05909ea29d8c3810e"},{"url":"https://git.kernel.org/stable/c/6ffde6e03085874ae22263ff4cef4869f797e84f"},{"url":"https://git.kernel.org/stable/c/15fc21695eb606bdc5d483b92118ee42610a952d"},{"url":"https://git.kernel.org/stable/c/35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f"}],"title":"Bluetooth: L2CAP: Fix user-after-free","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8,"attackVector":"ADJACENT_NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-50386","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T18:49:08.856293Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T18:53:04.692Z"}}]}}