
CVE-2022-49139: Vulnerability in Linux Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 01:55:11 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt

This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL.

AI-Powered Analysis

Last updated: 06/30/2025, 03:24:47 UTC

Technical Analysis

CVE-2022-49139 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically related to the handling of the HCI_Synchronous_Connection_Complete event. This event is designed for SCO (Synchronous Connection-Oriented) and eSCO (extended SCO) link types, which are used primarily for audio data transmission over Bluetooth. The vulnerability arises when the kernel receives an HCI_Synchronous_Connection_Complete event for a Bluetooth device address (BDADDR) that corresponds to an existing Low Energy (LE) connection, which uses a different link type. Under certain status conditions that trigger a specific packet processing path, the kernel attempts to dereference a NULL pointer because the connection's link pointer (conn->link) is NULL. This NULL pointer dereference can lead to a kernel crash (denial of service) or potentially be leveraged for more severe exploitation depending on the kernel's memory layout and protections. The vulnerability affects multiple versions of the Linux kernel as indicated by the repeated affected version hashes, and it was publicly disclosed on February 26, 2025. There are no known exploits in the wild at the time of disclosure, and no CVSS score has been assigned. The issue was resolved by fixing the null pointer dereference in the Bluetooth HCI event handling code.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running vulnerable Linux kernel versions with Bluetooth enabled, particularly those using SCO or eSCO links for audio or other synchronous data transmission. The impact includes potential denial of service through kernel crashes, which can disrupt critical services, especially in environments relying on Bluetooth for communication or device connectivity. While no known exploits exist currently, the vulnerability could be targeted in the future by attackers aiming to cause system instability or to escalate privileges if combined with other vulnerabilities. Industries such as telecommunications, manufacturing, healthcare, and public sector entities that use Linux-based systems with Bluetooth capabilities are at risk. Additionally, embedded systems and IoT devices running Linux kernels with Bluetooth support may be affected, potentially impacting operational technology environments. The disruption of availability could have cascading effects on business continuity and safety-critical operations.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to the latest patched versions that address CVE-2022-49139. Since the vulnerability is triggered by specific Bluetooth events, organizations should audit and restrict Bluetooth usage where possible, especially on critical infrastructure and servers. Disabling Bluetooth on systems where it is not required can reduce the attack surface. For systems that must use Bluetooth, implementing strict network segmentation and access controls can limit exposure. Monitoring kernel logs for unusual Bluetooth HCI events or crashes can provide early detection of attempted exploitation. Additionally, organizations should ensure their incident response plans include procedures for handling kernel-level crashes and potential denial of service scenarios. For embedded and IoT devices, vendors should be contacted to confirm patch availability or mitigations. Finally, maintaining an up-to-date asset inventory to identify vulnerable Linux systems with Bluetooth enabled is essential for targeted remediation.
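One way to do the kernel-log monitoring recommended above, shown as an added example that is not part of the original advisory: it scans dmesg/journal text for NULL pointer dereference oopses whose faulting frame or call trace includes `hci_sync_conn_complete_evt`, the handler named in the description. The sample log is constructed, and the `MAX_LINES` cutoff and the set of oops headline wordings are assumptions.

```python
import re

# Oops headlines: x86 (current and older wording) and arm64.
NULL_DEREF = re.compile(
    r"BUG: kernel NULL pointer dereference"
    r"|BUG: unable to handle kernel NULL pointer dereference"
    r"|Unable to handle kernel NULL pointer dereference")
# Handler named in the CVE description, as a "func+0xoff/0xlen" frame.
HANDLER = re.compile(r"\bhci_sync_conn_complete_evt\+0x[0-9a-f]+/0x[0-9a-f]+")
END = re.compile(r"---\[ end trace|Kernel panic - not syncing")
MAX_LINES = 80  # assumption: an oops with no end marker is closed after this many lines

# Constructed sample log: timestamps, addresses, offsets and the second module are made up.
SAMPLE = """\
[ 4821.113370] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 4821.113402] #PF: supervisor read access in kernel mode
[ 4821.113455] RIP: 0010:hci_sync_conn_complete_evt+0x1a0/0x2f0 [bluetooth]
[ 4821.113501] Call Trace:
[ 4821.113530]  hci_event_packet+0x9c0/0x2a10 [bluetooth]
[ 4821.113590] ---[ end trace 0000000000000000 ]---
[ 9001.000100] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 9001.000140] RIP: 0010:example_driver_irq+0x44/0x90 [example]
[ 9001.000190] ---[ end trace 0000000000000000 ]---
"""

def find_suspect_oopses(lines):
    """Return NULL-deref oopses whose RIP/pc or call trace hits the handler."""
    hits, cur = [], None

    def close():
        if cur and cur["frame"]:
            hits.append(cur)

    for no, line in enumerate(lines, 1):
        if NULL_DEREF.search(line):
            close()  # a new oops started before the previous one ended
            cur = {"line": no, "headline": line.strip(), "frame": None, "seen": 0}
            continue
        if cur is None:
            continue
        cur["seen"] += 1
        m = HANDLER.search(line)
        if m and not cur["frame"]:
            cur["frame"] = m.group(0)
        if END.search(line) or cur["seen"] >= MAX_LINES:
            close()
            cur = None
    close()
    return hits

if __name__ == "__main__":
    for hit in find_suspect_oopses(SAMPLE.splitlines()):
        print(f"line {hit['line']}: {hit['frame']}")
```

A match indicates a crash in this handler on that host and is a prompt to check the running kernel version against the patched releases; it does not by itself confirm the cause.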


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.269Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5015

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 3:24:47 AM

Last updated: 8/12/2025, 3:55:21 PM
