How severe is CVE-2022-50339?

This vulnerability has a CVSS score of (Unknown severity).

How difficult is it to exploit CVE-2022-50339?

Exploit difficulty: HARD. Estimated time to exploit: > 4 hours. Required skills: Advanced security expertise.

CVE-2022-50339 - YourPassGen

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()

syzbot is again reporting attempt to cancel uninitialized work
at mgmt_index_removed() [1], for setting of HCI_MGMT flag from
mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can
race with testing of HCI_MGMT flag from mgmt_index_removed() from
hci_sock_bind() due to lack of serialization via hci_dev_lock().

Since mgmt_init_hdev() is called with mgmt_chan_list_lock held, we can
safely split hci_dev_test_and_set_flag() into hci_dev_test_flag() and
hci_dev_set_flag(). Thus, in order to close this race, set HCI_MGMT flag
after INIT_DELAYED_WORK() completed.

This is a local fix based on mgmt_chan_list_lock. Lack of serialization
via hci_dev_lock() might be causing different race conditions somewhere
else. But a global fix based on hci_dev_lock() should deserve a future
patch.

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

How to fix CVE-2022-50339

CVE-2022-50339 is a unknown severity vulnerability affecting the affected product.

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag from mgmt_init_hdev() from hci_mgmt_cmd() from hci_sock_sendmsg() can race with testing of HCI_MGMT flag from mgmt_index_removed() from hci_sock_bind() due to lack of serialization via […]

Exploit Difficulty: HARD
⏱️ Time to exploit: > 4 hours
🛠️ Required skills: Advanced security expertise
💰 Public exploits: Rare or not public

How to Fix:

1 Identify affected systems

- Check if you're running the affected product

2 Immediate actions

- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access

3 Verification

- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)

4 Long-term prevention

- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations

Full CVE details

Exploit Difficulty Assessment

HARD

⏱️ Time to Exploit: > 4 hours

🛠️ Skills Required: Advanced security expertise

💰 Public Exploits: Rare or not public

Vulnerability Timeline

Sep 16, 2025

Vulnerability Published

CVE details first published to NVD database

Nov 12, 2025

Imported to Database

Added to this CVE tracking system

Detection Rules & IOCs

No specific detection rules generated for this vulnerability type.

No vendor/product data available.

No related CVEs found (no vendor/product data available).