{"id":"CVE-2022-50447","summary":"Bluetooth: hci_conn: Fix crash on hci_create_cis_sync","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Fix crash on hci_create_cis_sync\n\nWhen attempting to connect multiple ISO sockets without using\nDEFER_SETUP may result in the following crash:\n\nBUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0\nRead of size 2 at addr 0000000000000036 by task kworker/u3:1/50\n\nCPU: 0 PID: 50 Comm: kworker/u3:1 Not tainted\n6.0.0-rc7-02243-gb84a13ff4eda #4373\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009),\nBIOS 1.16.0-1.fc36 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x19/0x27\n kasan_report+0xbc/0xf0\n ? hci_create_cis_sync+0x18b/0x2b0\n hci_create_cis_sync+0x18b/0x2b0\n ? get_link_mode+0xd0/0xd0\n ? __ww_mutex_lock_slowpath+0x10/0x10\n ? mutex_lock+0xe0/0xe0\n ? get_link_mode+0xd0/0xd0\n hci_cmd_sync_work+0x111/0x190\n process_one_work+0x427/0x650\n worker_thread+0x87/0x750\n ? process_one_work+0x650/0x650\n kthread+0x14e/0x180\n ? kthread_exit+0x50/0x50\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e","modified":"2026-03-20T11:47:28.997876Z","published":"2025-10-01T11:45:21.804Z","related":["SUSE-SU-2025:03615-1","SUSE-SU-2025:3761-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50447.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/09a3b0c9c7c6b10587fbb610b718014703cff341"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50757a259ba78c4e938b5735e76ffec6cd0c942e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a190cd9dc62d6ebeb679c1abe9dda4162dfefc84"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50447.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50447"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"26afbd826ee326e63a334c37fd45e82e50a615ec"},{"fixed":"a190cd9dc62d6ebeb679c1abe9dda4162dfefc84"},{"fixed":"09a3b0c9c7c6b10587fbb610b718014703cff341"},{"fixed":"50757a259ba78c4e938b5735e76ffec6cd0c942e"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50447.json"}}],"schema_version":"1.7.5"}