CVE-2022-48982: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: [ 71.986122] Call Trace: [ 71.986124] <TASK> [ 71.986125] blocking_notifier_chain_register+0x33/0x60 [ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da] [ 71.986154] btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477] [ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300 [ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90 [ 71.986167] usb_probe_interface+0xe3/0x2b0 [ 71.986171] really_probe+0xdb/0x380 [ 71.986174] ? pm_runtime_barrier+0x54/0x90 [ 71.986177] __driver_probe_device+0x78/0x170 [ 71.986180] driver_probe_device+0x1f/0x90 [ 71.986183] __device_attach_driver+0x89/0x110 [ 71.986186] ? driver_allows_async_probing+0x70/0x70 [ 71.986189] bus_for_each_drv+0x8c/0xe0 [ 71.986192] __device_attach+0xb2/0x1e0 [ 71.986195] bus_probe_device+0x92/0xb0 [ 71.986198] device_add+0x422/0x9a0 [ 71.986201] ? sysfs_merge_group+0xd4/0x110 [ 71.986205] usb_set_configuration+0x57a/0x820 [ 71.986208] usb_generic_driver_probe+0x4f/0x70 [ 71.986211] usb_probe_device+0x3a/0x110 [ 71.986213] really_probe+0xdb/0x380 [ 71.986216] ? pm_runtime_barrier+0x54/0x90 [ 71.986219] __driver_probe_device+0x78/0x170 [ 71.986221] driver_probe_device+0x1f/0x90 [ 71.986224] __device_attach_driver+0x89/0x110 [ 71.986227] ? driver_allows_async_probing+0x70/0x70 [ 71.986230] bus_for_each_drv+0x8c/0xe0 [ 71.986232] __device_attach+0xb2/0x1e0 [ 71.986235] bus_probe_device+0x92/0xb0 [ 71.986237] device_add+0x422/0x9a0 [ 71.986239] ? _dev_info+0x7d/0x98 [ 71.986242] ? blake2s_update+0x4c/0xc0 [ 71.986246] usb_new_device.cold+0x148/0x36d [ 71.986250] hub_event+0xa8a/0x1910 [ 71.986255] process_one_work+0x1c4/0x380 [ 71.986259] worker_thread+0x51/0x390 [ 71.986262] ? rescuer_thread+0x3b0/0x3b0 [ 71.986264] kthread+0xdb/0x110 [ 71.986266] ? kthread_complete_and_exit+0x20/0x20 [ 71.986268] ret_from_fork+0x1f/0x30 [ 71.986273] </TASK> [ 71.986274] ---[ end trace 0000000000000000 ]--- [ 71.986284] btusb: probe of 2-1.6:1.0 failed with error -17
AI Analysis
Technical Summary
CVE-2022-48982 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically related to the handling of CSR (Cambridge Silicon Radio) fake Bluetooth 5.0 controllers. The issue arises when these fake CSR clones are replugged into the system, causing the suspend notifier to be registered twice. This double registration leads to a kernel panic, effectively crashing the system. The kernel panic trace indicates that the problem occurs during the probing of the Bluetooth USB device, within the btusb driver and the hci_register_dev function. The root cause is the improper handling of device registration notifications when dealing with these counterfeit Bluetooth controllers, which can disrupt normal kernel operations and cause system instability. The vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, and it has been officially published and acknowledged by the Linux project. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability does not appear to allow privilege escalation or remote code execution but results in a denial of service (DoS) through kernel panic when affected devices are connected or reconnected.
Potential Impact
For European organizations, the primary impact of CVE-2022-48982 is the potential for denial of service on Linux systems that utilize Bluetooth functionality, particularly those that may connect to or rely on CSR-based Bluetooth 5.0 devices or their clones. This could affect a wide range of devices including desktops, laptops, embedded systems, and IoT devices running vulnerable Linux kernels. The kernel panic caused by this vulnerability leads to system crashes, which can disrupt business operations, cause data loss if unsaved work is lost during the crash, and require system reboots. Organizations with critical infrastructure or services dependent on Linux Bluetooth connectivity may experience operational interruptions. However, since exploitation requires physical interaction with the device (replugging a fake CSR Bluetooth controller), remote exploitation risk is low. The vulnerability could be exploited by an insider or attacker with physical access to the system or through supply chain attacks involving counterfeit Bluetooth devices. The impact on confidentiality and integrity is minimal, but availability is significantly affected due to system crashes.
Mitigation Recommendations
1. Update the Linux kernel to the latest patched version where this vulnerability has been fixed. Monitor Linux kernel release notes and security advisories for the specific patch addressing CVE-2022-48982. 2. Implement strict hardware procurement policies to avoid the use of counterfeit or fake Bluetooth devices, especially CSR clones. Use trusted vendors and verify device authenticity. 3. Disable or restrict Bluetooth usage on critical Linux systems where it is not essential to reduce the attack surface. 4. Employ system monitoring and alerting to detect frequent kernel panics or Bluetooth device connection anomalies that may indicate exploitation attempts. 5. For environments where physical security cannot be guaranteed, consider disabling USB ports or using USB device control policies to prevent unauthorized device connections. 6. Educate IT and security staff about the risks of counterfeit hardware and the importance of patch management for kernel vulnerabilities. 7. In virtualized or containerized environments, isolate Bluetooth device access to minimize impact on host systems.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2022-48982: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be registered twice causing the following kernel panic: [ 71.986122] Call Trace: [ 71.986124] <TASK> [ 71.986125] blocking_notifier_chain_register+0x33/0x60 [ 71.986130] hci_register_dev+0x316/0x3d0 [bluetooth 99b5497ea3d09708fa1366c1dc03288bf3cca8da] [ 71.986154] btusb_probe+0x979/0xd85 [btusb e1e0605a4f4c01984a4b9c8ac58c3666ae287477] [ 71.986159] ? __pm_runtime_set_status+0x1a9/0x300 [ 71.986162] ? ktime_get_mono_fast_ns+0x3e/0x90 [ 71.986167] usb_probe_interface+0xe3/0x2b0 [ 71.986171] really_probe+0xdb/0x380 [ 71.986174] ? pm_runtime_barrier+0x54/0x90 [ 71.986177] __driver_probe_device+0x78/0x170 [ 71.986180] driver_probe_device+0x1f/0x90 [ 71.986183] __device_attach_driver+0x89/0x110 [ 71.986186] ? driver_allows_async_probing+0x70/0x70 [ 71.986189] bus_for_each_drv+0x8c/0xe0 [ 71.986192] __device_attach+0xb2/0x1e0 [ 71.986195] bus_probe_device+0x92/0xb0 [ 71.986198] device_add+0x422/0x9a0 [ 71.986201] ? sysfs_merge_group+0xd4/0x110 [ 71.986205] usb_set_configuration+0x57a/0x820 [ 71.986208] usb_generic_driver_probe+0x4f/0x70 [ 71.986211] usb_probe_device+0x3a/0x110 [ 71.986213] really_probe+0xdb/0x380 [ 71.986216] ? pm_runtime_barrier+0x54/0x90 [ 71.986219] __driver_probe_device+0x78/0x170 [ 71.986221] driver_probe_device+0x1f/0x90 [ 71.986224] __device_attach_driver+0x89/0x110 [ 71.986227] ? driver_allows_async_probing+0x70/0x70 [ 71.986230] bus_for_each_drv+0x8c/0xe0 [ 71.986232] __device_attach+0xb2/0x1e0 [ 71.986235] bus_probe_device+0x92/0xb0 [ 71.986237] device_add+0x422/0x9a0 [ 71.986239] ? _dev_info+0x7d/0x98 [ 71.986242] ? blake2s_update+0x4c/0xc0 [ 71.986246] usb_new_device.cold+0x148/0x36d [ 71.986250] hub_event+0xa8a/0x1910 [ 71.986255] process_one_work+0x1c4/0x380 [ 71.986259] worker_thread+0x51/0x390 [ 71.986262] ? rescuer_thread+0x3b0/0x3b0 [ 71.986264] kthread+0xdb/0x110 [ 71.986266] ? kthread_complete_and_exit+0x20/0x20 [ 71.986268] ret_from_fork+0x1f/0x30 [ 71.986273] </TASK> [ 71.986274] ---[ end trace 0000000000000000 ]--- [ 71.986284] btusb: probe of 2-1.6:1.0 failed with error -17
AI-Powered Analysis
Technical Analysis
CVE-2022-48982 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically related to the handling of CSR (Cambridge Silicon Radio) fake Bluetooth 5.0 controllers. The issue arises when these fake CSR clones are replugged into the system, causing the suspend notifier to be registered twice. This double registration leads to a kernel panic, effectively crashing the system. The kernel panic trace indicates that the problem occurs during the probing of the Bluetooth USB device, within the btusb driver and the hci_register_dev function. The root cause is the improper handling of device registration notifications when dealing with these counterfeit Bluetooth controllers, which can disrupt normal kernel operations and cause system instability. The vulnerability affects Linux kernel versions identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, and it has been officially published and acknowledged by the Linux project. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability does not appear to allow privilege escalation or remote code execution but results in a denial of service (DoS) through kernel panic when affected devices are connected or reconnected.
Potential Impact
For European organizations, the primary impact of CVE-2022-48982 is the potential for denial of service on Linux systems that utilize Bluetooth functionality, particularly those that may connect to or rely on CSR-based Bluetooth 5.0 devices or their clones. This could affect a wide range of devices including desktops, laptops, embedded systems, and IoT devices running vulnerable Linux kernels. The kernel panic caused by this vulnerability leads to system crashes, which can disrupt business operations, cause data loss if unsaved work is lost during the crash, and require system reboots. Organizations with critical infrastructure or services dependent on Linux Bluetooth connectivity may experience operational interruptions. However, since exploitation requires physical interaction with the device (replugging a fake CSR Bluetooth controller), remote exploitation risk is low. The vulnerability could be exploited by an insider or attacker with physical access to the system or through supply chain attacks involving counterfeit Bluetooth devices. The impact on confidentiality and integrity is minimal, but availability is significantly affected due to system crashes.
Mitigation Recommendations
1. Update the Linux kernel to the latest patched version where this vulnerability has been fixed. Monitor Linux kernel release notes and security advisories for the specific patch addressing CVE-2022-48982. 2. Implement strict hardware procurement policies to avoid the use of counterfeit or fake Bluetooth devices, especially CSR clones. Use trusted vendors and verify device authenticity. 3. Disable or restrict Bluetooth usage on critical Linux systems where it is not essential to reduce the attack surface. 4. Employ system monitoring and alerting to detect frequent kernel panics or Bluetooth device connection anomalies that may indicate exploitation attempts. 5. For environments where physical security cannot be guaranteed, consider disabling USB ports or using USB device control policies to prevent unauthorized device connections. 6. Educate IT and security staff about the risks of counterfeit hardware and the importance of patch management for kernel vulnerabilities. 7. In virtualized or containerized environments, isolate Bluetooth device access to minimize impact on host systems.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-08-22T01:27:53.633Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982fc4522896dcbe6807
Added to database: 5/21/2025, 9:09:03 AM
Last enriched: 7/1/2025, 12:43:25 AM
Last updated: 7/28/2025, 6:49:53 AM
Views: 8
Related Threats
CVE-2025-8923: SQL Injection in code-projects Job Diary
MediumCVE-2025-8922: SQL Injection in code-projects Job Diary
MediumCVE-2025-45313: n/a
HighCVE-2025-8921: SQL Injection in code-projects Job Diary
MediumCVE-2025-8920: Cross Site Scripting in Portabilis i-Diario
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.