CVE-2022-49202: Vulnerability in Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 01:55:43 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_uart: add missing NULL check in h5_enqueue

Syzbot hit general protection fault in __pm_runtime_resume(). The problem was in missing NULL check.

hu->serdev can be NULL and we should not blindly pass &serdev->dev somewhere, since it will cause GPF.

AI-Powered Analysis

Last updated: 06/30/2025, 04:11:17 UTC

Technical Analysis

CVE-2022-49202 is a vulnerability in the Bluetooth subsystem of the Linux kernel, specifically in the hci_uart driver. The function h5_enqueue is missing a NULL pointer check. Syzbot, an automated kernel fuzzer, found the issue when it triggered a general protection fault (GPF) in __pm_runtime_resume().

The root cause is that hu->serdev can be NULL, yet the code passes &serdev->dev onward without first verifying that serdev is non-NULL. The fault then surfaces in __pm_runtime_resume() as a GPF, a kernel crash caused by an invalid memory access. Such faults can lead to system instability or denial of service (DoS).

The vulnerability affects specific Linux kernel versions identified by the commit hash d9dd833cf6d29695682ec7e7924c0d0992b906bc and likely related versions around that commit. There is no indication that it allows privilege escalation or remote code execution; it causes a kernel crash through improper pointer handling. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue was resolved by adding the missing NULL check, so that the pointer is no longer used when serdev is NULL and the general protection fault is avoided.
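
The missing check described above, modelled in userspace C as an added example (not the kernel's code or the upstream patch). The struct layouts, `model_pm_get` and both `enqueue_*` functions are hypothetical stand-ins, and the model assumes the packet is still queued when no serdev device is present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel structures; layouts are assumed. */
struct device { int usage_count; };
struct serdev_device { char ctrl_state[64]; struct device dev; };
struct hci_uart { struct serdev_device *serdev; int queued; };

/* Stand-in for a runtime-PM call: it dereferences the pointer it is given. */
void model_pm_get(struct device *dev) { dev->usage_count++; }

/* Value of &serdev->dev when serdev is NULL: a small non-NULL address,
 * so a NULL test inside the callee could not catch it. */
uintptr_t dev_addr_for_null_serdev(void)
{
    return (uintptr_t)offsetof(struct serdev_device, dev);
}

/* Unchecked shape: faults when hu->serdev is NULL. Returns 1 (PM touched). */
int enqueue_unchecked(struct hci_uart *hu)
{
    model_pm_get(&hu->serdev->dev);
    hu->queued++;
    return 1;
}

/* Checked shape: skip runtime PM when there is no serdev device.
 * Returns 1 if PM was touched, 0 if it was skipped. */
int enqueue_checked(struct hci_uart *hu)
{
    int touched = 0;
    if (hu->serdev) {
        model_pm_get(&hu->serdev->dev);
        touched = 1;
    }
    hu->queued++;   /* assumption: the packet is queued either way */
    return touched;
}

int main(void)
{
    struct serdev_device sd = {0};
    struct hci_uart with_serdev = { &sd, 0 }, no_serdev = { NULL, 0 };
    printf("&serdev->dev for NULL serdev = 0x%zx\n", (size_t)dev_addr_for_null_serdev());
    printf("with serdev: touched=%d\n", enqueue_checked(&with_serdev));
    printf("no serdev:   touched=%d\n", enqueue_checked(&no_serdev));
    return 0;
}
```

The guard has to sit in the caller, before the address of the embedded `dev` member is taken, because the computed address is an offset from zero rather than NULL.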

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems that utilize Bluetooth functionality through the hci_uart driver. Systems affected include servers, desktops, and embedded devices running vulnerable Linux kernel versions with Bluetooth enabled. If exploited, an attacker with local access or the ability to send crafted Bluetooth packets could trigger a kernel crash, leading to system downtime or disruption of critical services. This could impact operational continuity, especially in environments relying on Bluetooth for device connectivity or management. While the vulnerability does not appear to allow privilege escalation or data compromise, the resulting instability could be exploited as part of a broader attack chain or cause significant disruption in industrial, healthcare, or telecommunications sectors where Linux-based systems are prevalent. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or intentional triggering of the fault.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel to versions that include the patch fixing CVE-2022-49202. Specifically, applying the patch that adds the missing NULL check in the hci_uart driver is essential. Systems that do not require Bluetooth functionality should consider disabling the Bluetooth service or unloading the hci_uart kernel module to reduce the attack surface. Network segmentation and access controls should be enforced to limit local access to systems with Bluetooth enabled, minimizing the risk of exploitation. Additionally, monitoring kernel logs for general protection faults or unusual Bluetooth-related errors can help detect attempts to trigger this vulnerability. For embedded or IoT devices running Linux, vendors should be contacted to ensure firmware updates are available and applied. Finally, organizations should maintain an inventory of Linux systems and their kernel versions to identify and remediate vulnerable hosts promptly.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.291Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5229

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 4:11:17 AM

Last updated: 8/17/2025, 2:54:32 PM
