Security tracker / CVE-2022-50166

CVE-2022-50166

Bluetooth: When HCI work queue is drained, only queue chained work

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting
 carnil> state"). Vulnerable versions: 3.19.

Bugs

Status

Branch	Status
upstream	released (6.0-rc1) [877afadad2dce8aae1f2aad8ce47e072d4f6165e]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.15-upstream-stable	N/A "Fixed before branching point"
6.14-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
5.10-upstream-stable	needed
sid	released (5.19.6-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	N/A "Fixed before branching point"
5.10-bullseye-security	needed