{"id":"CVE-2022-50386","summary":"Bluetooth: L2CAP: Fix user-after-free","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix user-after-free\n\nThis uses l2cap_chan_hold_unless_zero() after calling\n__l2cap_get_chan_blah() to prevent the following trace:\n\nBluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref\n*kref)\nBluetooth: chan 0000000023c4974d\nBluetooth: parent 00000000ae861c08\n==================================================================\nBUG: KASAN: use-after-free in __mutex_waiter_is_first\nkernel/locking/mutex.c:191 [inline]\nBUG: KASAN: use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:671 [inline]\nBUG: KASAN: use-after-free in __mutex_lock+0x278/0x400\nkernel/locking/mutex.c:729\nRead of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389","modified":"2026-04-11T12:44:57.087483Z","published":"2025-09-18T13:33:07.191Z","related":["ALSA-2025:19102","ALSA-2025:19103","SUSE-SU-2025:03613-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03652-1","SUSE-SU-2025:03653-1","SUSE-SU-2025:03656-1","SUSE-SU-2025:03662-1","SUSE-SU-2025:3684-1","SUSE-SU-2025:3703-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4123-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50386.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c108cf3ad386e0084277093b55a351c49e0be27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/11e40d6c0823f699d8ad501e48d1c3ae4be386cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/15fc21695eb606bdc5d483b92118ee42610a952d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ffde6e03085874ae22263ff4cef4869f797e84f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7d6f9cb24d2b2f6b6370eac074e2e6b1bafdad45"},{"type":"WEB","url":"https://git.kernel.org/stable/c/843fc4e386dd84b806a7f07fb062d8c3a44e5364"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1e894f950ad48897d1a7cb05909ea29d8c3810e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d91fc2836562f299f34e361e089e9fe154da4f73"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50386.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50386"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3df91ea20e744344100b10ae69a17211fcf5b207"},{"fixed":"11e40d6c0823f699d8ad501e48d1c3ae4be386cd"},{"fixed":"843fc4e386dd84b806a7f07fb062d8c3a44e5364"},{"fixed":"d91fc2836562f299f34e361e089e9fe154da4f73"},{"fixed":"7d6f9cb24d2b2f6b6370eac074e2e6b1bafdad45"},{"fixed":"0c108cf3ad386e0084277093b55a351c49e0be27"},{"fixed":"d1e894f950ad48897d1a7cb05909ea29d8c3810e"},{"fixed":"6ffde6e03085874ae22263ff4cef4869f797e84f"},{"fixed":"15fc21695eb606bdc5d483b92118ee42610a952d"},{"fixed":"35fcbc4243aad7e7d020b7c1dfb14bb888b20a4f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50386.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.4.0"},{"fixed":"4.9.331"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.296"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.262"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.220"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.150"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.19.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.20.0"},{"fixed":"6.0.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50386.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}