CVE-2025-40283
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-08
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free (UAF) in the Linux kernel's USB Bluetooth driver, btusb. In btusb_disconnect(), the callback the USB core runs when a Bluetooth adapter's interface goes away, the driver frees the per-interface btusb data and then, later in the same function, still reads fields of that freed allocation. Because the memory has already been returned to the allocator, those reads may hit a block that has been reused for something else, which is memory corruption or, at minimum, a kernel crash. The fix reorders the cleanup so that everything the teardown needs from the btusb data is read and used before the data is freed, and nothing touches it afterwards.
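The ordering mistake described above, as an added user-space model that is not the kernel's btusb code: a disconnect handler that frees its private data and then consults it, beside the corrected ordering that reads first and frees last. The struct, function and field names (fake_btusb_data, disconnect_unsafe, disconnect_fixed, isoc_iface) are assumptions for illustration; the "freed" flag and 0x6b poison stand in for what KASAN and SLUB poisoning would catch in a real kernel, so the post-free read is counted instead of being undefined behaviour.

```c
/* Added example, not the kernel's btusb code: a user-space model of the
 * ordering bug in a disconnect handler. Everything the teardown needs from the
 * per-interface data must be read *before* that data is freed; reading
 * afterwards is a use-after-free. A tiny instrumented allocator flags such
 * reads so the unsafe and fixed orderings can be compared safely. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's per-interface private data. */
struct fake_btusb_data {
    int  isoc_iface;     /* extra interface that was claimed, or -1 */
    char name[16];
};

/* Instrumented wrapper: "freed" models what KASAN's shadow memory tracks.
 * The block is kept (not handed back to malloc) so a post-free read is
 * detectable here rather than undefined. */
struct tracked_alloc {
    struct fake_btusb_data obj;
    int freed;
};

static int g_uaf_reads;   /* reads that happened after the object was freed */

static struct tracked_alloc *model_alloc(const char *name, int isoc_iface)
{
    struct tracked_alloc *t = calloc(1, sizeof(*t));
    if (!t)
        abort();
    t->obj.isoc_iface = isoc_iface;
    snprintf(t->obj.name, sizeof(t->obj.name), "%s", name);
    return t;
}

/* Models kfree(data): marks the object dead and poisons it (SLUB uses 0x6b). */
static void model_free(struct tracked_alloc *t)
{
    t->freed = 1;
    memset(&t->obj, 0x6b, sizeof(t->obj));
}

/* Every field read goes through here so a read-after-free is counted. */
static int model_read_isoc(struct tracked_alloc *t)
{
    if (t->freed)
        g_uaf_reads++;
    return t->obj.isoc_iface;
}

/* Stand-in for releasing the extra interface the driver had claimed. */
static void model_release_iface(int iface) { (void)iface; }

/* Bug pattern: private data freed first, then consulted during cleanup.
 * Returns the number of post-free reads the handler performed. */
static int disconnect_unsafe(struct tracked_alloc *data)
{
    int before = g_uaf_reads;
    model_free(data);                     /* data is dead from here on... */
    int isoc = model_read_isoc(data);     /* ...but is read anyway: UAF */
    if (isoc >= 0)
        model_release_iface(isoc);
    return g_uaf_reads - before;
}

/* Fixed ordering: read what cleanup needs, finish using it, free last. */
static int disconnect_fixed(struct tracked_alloc *data)
{
    int before = g_uaf_reads;
    int isoc = model_read_isoc(data);     /* read while the object is alive */
    if (isoc >= 0)
        model_release_iface(isoc);
    model_free(data);                     /* nothing touches data after this */
    return g_uaf_reads - before;
}

int main(void)
{
    struct tracked_alloc *a = model_alloc("hci0", 1);
    struct tracked_alloc *b = model_alloc("hci1", 1);
    printf("unsafe ordering: %d post-free read(s)\n", disconnect_unsafe(a));
    printf("fixed ordering:  %d post-free read(s)\n", disconnect_fixed(b));
    free(a);
    free(b);
    return 0;
}
```

The same discipline applies when reviewing real teardown paths: any field the handler needs after the free should be copied into a local first, or the free moved to the very end of the function, and a KASAN-enabled kernel with the device hot-unplugged is the quickest way to confirm the reordering actually removed the post-free access.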
How can this vulnerability impact me?
The flaw is reachable only through the disconnect path, so it is triggered when a USB Bluetooth adapter bound to btusb is removed, re-enumerated or unbound from the driver; it is not reachable over the air or from an ordinary network client. The most likely outcome of the use-after-free is a kernel crash (denial of service). Because the stale reads happen inside the kernel, memory corruption that leads to arbitrary code execution or privilege escalation is possible in principle, as with any kernel UAF, but the page gives no indication that such exploitation has been demonstrated. The affected-version range on this page is a wildcard, so check the kernel.org advisory for the exact fixed commit and compare it with your running kernel and your distribution's backports before deciding whether a system with a USB Bluetooth adapter is exposed.