VYPR
Unrated severityNVD Advisory· Published Feb 26, 2025· Updated May 4, 2025

Bluetooth: hci_qca: Use del_timer_sync() before freeing

CVE-2022-49555

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_qca: Use del_timer_sync() before freeing

While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing.

One possible culprit is the hci_qca driver, which does exactly that.

Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also move the destruction of the work queue before del_timer_sync().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

136

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.