CVE-2022-49555
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing. One possible culprit is the hci_qca driver, which does exactly that. Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also move the destruction of the work queue before del_timer_sync().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0ff252c1976da5d80db1377eb39b551931e61826 - < 4989bb03342941f2b730b37dfa38bce27b543661affected 0ff252c1976da5d80db1377eb39b551931e61826 - < db03727b4bbbbb36e6ef4cb655c670eefb6448e9affected 0ff252c1976da5d80db1377eb39b551931e61826 - < 37d17f63d085d601011964ade7371aeebeb6ed4baffected 0ff252c1976da5d80db1377eb39b551931e61826 - < 2717654ae022e6ea959a4b7b762702fe1a4690c2affected 0ff252c1976da5d80db1377eb39b551931e61826 - < 72ef98445aca568a81c2da050532500a8345ad3a |
Linux | Linux | affected 4.3unaffected 0 - < 4.3unaffected 5.10.120 - <= 5.10.*unaffected 5.15.45 - <= 5.15.*unaffected 5.17.13 - <= 5.17.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now