CVE-2022-50339 — Race Condition in Linux

CWE-362 — Race Condition5 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 98.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedSep 16

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag from mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can race with testing of HCI_MGMT flag from mgmt_index_removed() from hci_sock_bind() due to lack of serialization via hci_dev_lock(). Since mgmt_init_hdev() is called with mgmt…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel6.0 — 6.0.3

▶Debianlinux/linux_kernel< 6.0.3-1+2

▶CVEListV5linux/linux3f2893d3c142986aa935821460cb3adb77044722 — e53c6180db8dd09de94e0a3bdf4fef6f5f9dd6e6+2

▶debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-6wf7-5hh8-x7vm: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again↗2025-09-16

▶

OSV

CVE-2022-50339: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again r↗2025-09-16

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()↗2025-09-16

▶

Debian

CVE-2022-50339: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...↗2022

▶