
CVE-2022-49200: Vulnerability in Linux (Linux kernel)

Severity: Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:55:42 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt

Fix the following kernel oops in btmtksdio_interrupt:

    [ 14.339134] btmtksdio_interrupt+0x28/0x54
    [ 14.339139] process_sdio_pending_irqs+0x68/0x1a0
    [ 14.339144] sdio_irq_work+0x40/0x70
    [ 14.339154] process_one_work+0x184/0x39c
    [ 14.339160] worker_thread+0x228/0x3e8
    [ 14.339168] kthread+0x148/0x3ac
    [ 14.339176] ret_from_fork+0x10/0x30

That happened because hdev->power_on is already called before sdio_set_drvdata, which the btmtksdio_interrupt handler relies on, is properly set up. The details are shown below: hci_register_dev would run queue_work(hdev->req_workqueue, &hdev->power_on) as a WQ_HIGHPRI workqueue_struct to complete the power-on sequence, and thus hci_power_on may run before sdio_set_drvdata is done in btmtksdio_probe. The hci_dev_do_open in hci_power_on would initialize the device and enable the interrupt, and thus it is possible that btmtksdio_interrupt is being called right before sdio_set_drvdata is filled out. When btmtksdio_interrupt is being called and sdio_set_drvdata is not filled, the kernel oops is going to happen because btmtksdio_interrupt accesses an uninitialized pointer.

AI-Powered Analysis

Last updated: 06/30/2025, 04:10:51 UTC

Technical Analysis

CVE-2022-49200 is a vulnerability identified in the Linux kernel's Bluetooth subsystem, specifically within the btmtksdio driver, which handles MediaTek SDIO Bluetooth devices. The flaw arises due to a race condition in the initialization sequence of the Bluetooth device. During device initialization, the function hci_register_dev schedules a high-priority workqueue task (hdev->power_on) to power on the device. However, this power-on sequence can execute before the driver properly sets the device-specific data pointer via sdio_set_drvdata in the btmtksdio_probe function. As a result, the interrupt handler btmtksdio_interrupt may be invoked while the driver data pointer is still uninitialized. When btmtksdio_interrupt accesses this uninitialized pointer, it causes a kernel oops (a kernel crash or panic), leading to a denial of service (DoS) condition. The kernel oops stack trace shows the sequence of function calls leading to the fault, confirming the timing issue between power-on and driver data setup. This vulnerability is a logic flaw in the driver initialization order rather than a memory corruption or privilege escalation bug. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue affects Linux kernel versions containing the vulnerable btmtksdio driver code prior to the fix. The root cause is the asynchronous execution of the power-on workqueue before the driver data pointer is set, leading to unsafe access in the interrupt handler.
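The ordering problem described above can be shown without a kernel. The following user-space C program is an added example written for this page, not code from the Linux kernel or from the btmtksdio driver: the struct names, the stand-in functions sdio_set_drvdata, sdio_get_drvdata, hci_register_dev and btmtksdio_interrupt, and the device name string are all constructed for the model. It deliberately assumes the worst-case schedule, in which the power-on work queued by hci_register_dev runs to completion (and the interrupt fires) before the probe function executes its next statement. The vulnerable probe sets drvdata after registration and the handler finds a NULL pointer (reported here as IRQ_OOPS rather than crashing); the fixed probe sets drvdata first, matching the reordering the page says the patch applies.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed, simplified stand-ins for the kernel objects involved. */
struct sdio_func {
    void *drvdata;            /* what sdio_set_drvdata() fills in */
};

struct hci_dev {
    struct sdio_func *func;   /* lets the power-on path reach the IRQ path */
};

struct btmtksdio_dev {
    struct hci_dev *hdev;
    const char *name;
};

enum irq_result { IRQ_HANDLED = 0, IRQ_OOPS = -1 };

static void sdio_set_drvdata(struct sdio_func *func, void *data)
{
    func->drvdata = data;
}

static void *sdio_get_drvdata(struct sdio_func *func)
{
    return func->drvdata;
}

/* Interrupt handler model: like the real handler, it assumes drvdata is
 * valid. Dereferencing NULL here would be the kernel oops; this model
 * reports IRQ_OOPS instead of crashing. */
static enum irq_result btmtksdio_interrupt(struct sdio_func *func)
{
    struct btmtksdio_dev *bdev = sdio_get_drvdata(func);

    if (!bdev)
        return IRQ_OOPS;      /* bdev->hdev here would crash the kernel */

    printf("irq handled for %s\n", bdev->name);
    return IRQ_HANDLED;
}

/* Model of hci_register_dev(): the real one queues hdev->power_on on a
 * high-priority workqueue. Worst-case schedule assumed: hci_power_on ->
 * hci_dev_do_open -> interrupt enabled -> interrupt fires, all before the
 * caller continues. */
static enum irq_result hci_register_dev(struct hci_dev *hdev)
{
    return btmtksdio_interrupt(hdev->func);
}

/* Vulnerable ordering: drvdata is set only after registration. */
enum irq_result probe_vulnerable(struct sdio_func *func,
                                 struct btmtksdio_dev *bdev,
                                 struct hci_dev *hdev)
{
    enum irq_result ret;

    hdev->func = func;
    bdev->hdev = hdev;
    ret = hci_register_dev(hdev);  /* IRQ can fire with drvdata == NULL */
    sdio_set_drvdata(func, bdev);  /* too late for the handler above */
    return ret;
}

/* Fixed ordering: drvdata is set before anything can queue the power-on
 * work, so the handler always finds a valid pointer. */
enum irq_result probe_fixed(struct sdio_func *func,
                            struct btmtksdio_dev *bdev,
                            struct hci_dev *hdev)
{
    hdev->func = func;
    bdev->hdev = hdev;
    sdio_set_drvdata(func, bdev);
    return hci_register_dev(hdev);
}

/* Wrappers with fresh, zeroed objects so each run is independent. */
int demo_vulnerable(void)
{
    struct sdio_func func = { 0 };
    struct btmtksdio_dev bdev = { NULL, "mtk-sdio-bt (constructed)" };
    struct hci_dev hdev = { NULL };

    return probe_vulnerable(&func, &bdev, &hdev);
}

int demo_fixed(void)
{
    struct sdio_func func = { 0 };
    struct btmtksdio_dev bdev = { NULL, "mtk-sdio-bt (constructed)" };
    struct hci_dev hdev = { NULL };

    return probe_fixed(&func, &bdev, &hdev);
}

int main(void)
{
    printf("vulnerable probe: %s\n", demo_vulnerable() == IRQ_OOPS ? "oops" : "ok");
    printf("fixed probe:      %s\n", demo_fixed() == IRQ_OOPS ? "oops" : "ok");
    return 0;
}
```

The model collapses the workqueue into a synchronous call because that is the interleaving that produces the fault; on real hardware the window is narrow and timing-dependent, which is why the bug shows up as an intermittent oops rather than a deterministic crash. The general rule the fix illustrates is that any per-device data an interrupt or work handler reads must be fully initialized before the device is registered with a subsystem that can start that handler.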

Potential Impact

For European organizations, the primary impact of CVE-2022-49200 is potential system instability and denial of service on Linux systems using MediaTek SDIO Bluetooth devices. This could affect a wide range of devices including laptops, embedded systems, IoT devices, and industrial equipment running vulnerable Linux kernels with the btmtksdio driver. The kernel oops can cause system crashes or reboots, disrupting business operations, especially in environments relying on Bluetooth connectivity for peripherals or communications. While this vulnerability does not directly lead to privilege escalation or data leakage, repeated crashes could degrade service availability and increase maintenance overhead. Organizations using Linux-based infrastructure in sectors such as manufacturing, healthcare, or telecommunications where Bluetooth devices are common may face operational risks. Additionally, the vulnerability could be leveraged by attackers to cause targeted denial of service in critical systems if they can trigger Bluetooth interrupts. However, exploitation complexity is moderate since it requires triggering the interrupt during a narrow initialization window. Overall, the impact is primarily availability-related, with potential cascading effects on business continuity and device reliability.

Mitigation Recommendations

To mitigate CVE-2022-49200, organizations should apply the official Linux kernel patches that reorder the initialization sequence to ensure sdio_set_drvdata is called before the power-on workqueue is scheduled. This fix prevents the interrupt handler from accessing uninitialized pointers. Until patches are applied, practical mitigations include disabling Bluetooth functionality on affected devices if not required, thereby eliminating the attack surface. For embedded or IoT devices, firmware updates incorporating the patched kernel should be prioritized. System administrators should monitor kernel logs for btmtksdio_interrupt oops messages as indicators of attempted exploitation or instability. Additionally, implementing robust system monitoring and automated reboot mechanisms can reduce downtime caused by unexpected kernel crashes. Organizations should also review their asset inventory to identify devices using MediaTek SDIO Bluetooth hardware and prioritize patching accordingly. Finally, coordinating with Linux distribution vendors to obtain timely security updates and testing patches in staging environments before production deployment will ensure minimal disruption.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.291Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5221

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 4:10:51 AM

Last updated: 8/9/2025, 10:51:32 PM

