CVE-2025-40213
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's Bluetooth management involves crashes caused by improper handling of flexible arrays and list operations. Specifically, there is a stack-out-of-bounds error in the set_mesh_sync function due to memcpy being used on a badly declared on-stack flexible array. Additionally, set_mesh_complete can cause a crash due to a double removal from a list (double list_del) caused by improper management of pending commands. The fix involves correctly declaring the flexible array using DEFINE_FLEX, avoiding memcpy outside array bounds, and properly managing list removals and error reporting.
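The on-stack flexible array problem described above, as an added userspace illustration (not the kernel's code and not the actual patch). `struct mesh_req`, `MAX_TYPES` and `parse_mesh_req` are hypothetical names; the union reserves header plus array storage on the stack, which is the job the answer attributes to `DEFINE_FLEX`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TYPES 16   /* assumed capacity of the destination table */

/* Hypothetical request: fixed header followed by a flexible array. */
struct mesh_req {
    uint8_t enable;
    uint8_t reserved;
    uint8_t types[];   /* flexible array member: adds 0 bytes to sizeof */
};

/*
 * Unsafe pattern (described only, not compiled): declaring
 * `struct mesh_req req;` on the stack reserves the 2 header bytes and
 * nothing for types[], so any memcpy that reads or writes req.types
 * touches stack memory outside the object.
 */

/* Hardened: reserve header + MAX_TYPES on the stack and check the length
 * before any copy. Returns the number of type bytes copied, or -1. */
int parse_mesh_req(const uint8_t *param, size_t param_len,
                   uint8_t out[MAX_TYPES])
{
    union {
        struct mesh_req req;
        uint8_t raw[sizeof(struct mesh_req) + MAX_TYPES];
    } u;
    size_t n;

    if (param_len < sizeof(struct mesh_req) || param_len > sizeof(u.raw))
        return -1;                      /* truncated or oversized request */

    memset(&u, 0, sizeof(u));
    memcpy(u.raw, param, param_len);    /* bounded by the check above */
    n = param_len - sizeof(struct mesh_req);

    memset(out, 0, MAX_TYPES);
    memcpy(out, u.req.types, n);        /* n <= MAX_TYPES is guaranteed */
    return (int)n;
}

int main(void)
{
    const uint8_t sample[] = {1, 0, 0x2a, 0x2b};   /* constructed input */
    uint8_t out[MAX_TYPES];
    return parse_mesh_req(sample, sizeof(sample), out) == 2 ? 0 : 1;
}
```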
How can this vulnerability impact me?
This vulnerability can cause crashes in the Linux kernel's Bluetooth subsystem, potentially leading to system instability or denial of service. If exploited or triggered, it could disrupt Bluetooth functionality or cause the system to become unresponsive or reboot unexpectedly.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where this vulnerability is fixed, as the issue involves a crash in Bluetooth MGMT due to improper handling of flexible arrays and list operations. Applying the patch that uses DEFINE_FLEX for flexible arrays and corrects list handling will mitigate the vulnerability.