CVE-2025-40294
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer out-of-bounds (OOB) access issue in the Linux kernel's Bluetooth management code, specifically in the parse_adv_monitor_pattern() function. The function limits the 'length' variable to a maximum of 251, but the 'value' array it copies data into has a size of only 31. If user space sets a 'pattern[i].length' value greater than 31, it can cause the code to access memory beyond the bounds of the 'value' array, potentially leading to memory corruption or crashes.
How can this vulnerability impact me?
This vulnerability can lead to out-of-bounds memory access, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the memory corruption.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version in which parse_adv_monitor_pattern() has been fixed to prevent out-of-bounds access. The fix reverts the limits on 'offset' and 'length' back to HCI_MAX_AD_LENGTH, the actual size of the 'value' array, so that no copy can extend past the end of that buffer.
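The following is an added illustration of the bounds check described above; it is not the kernel's code. It models the pattern structure in simplified form, uses the value 31 for HCI_MAX_AD_LENGTH as stated in the description, and uses the name HCI_MAX_EXT_AD_LENGTH (assumed here) for the 251-byte limit. The buggy validator accepts a length up to 251 even though the destination holds 31 bytes; the corrected validator bounds offset, length and their sum by the real buffer size, and the copy helper only proceeds after that check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HCI_MAX_AD_LENGTH      31   /* size of the per-pattern value[] buffer (from the page) */
#define HCI_MAX_EXT_AD_LENGTH  251  /* the larger limit the buggy check used (name assumed) */

/* Simplified stand-in for the user-supplied advertising monitor pattern. */
struct adv_pattern {
    uint8_t ad_type;
    uint8_t offset;
    uint8_t length;
    uint8_t value[HCI_MAX_AD_LENGTH];
};

/* Simplified stand-in for the kernel-side copy the pattern is parsed into. */
struct parsed_pattern {
    uint8_t ad_type;
    uint8_t offset;
    uint8_t length;
    uint8_t value[HCI_MAX_AD_LENGTH];
};

/* Buggy validator: bounds offset/length against 251 although value[] holds 31 bytes.
 * It only reports the decision; nothing is copied here, so there is no actual overrun. */
bool pattern_ok_buggy(const struct adv_pattern *p)
{
    if (p->length == 0 || p->length > HCI_MAX_EXT_AD_LENGTH)
        return false;
    if (p->offset >= HCI_MAX_EXT_AD_LENGTH)
        return false;
    return p->offset + p->length <= HCI_MAX_EXT_AD_LENGTH;
}

/* Corrected validator: every bound derives from the real size of value[]. */
bool pattern_ok_fixed(const struct adv_pattern *p)
{
    if (p->length == 0 || p->length > HCI_MAX_AD_LENGTH)
        return false;
    if (p->offset >= HCI_MAX_AD_LENGTH)
        return false;
    return p->offset + p->length <= HCI_MAX_AD_LENGTH;
}

/* Copies a pattern only after the corrected check; returns bytes copied, or -1 if rejected.
 * Because length <= HCI_MAX_AD_LENGTH is enforced first, the memcpy can never run past value[]. */
int copy_pattern(const struct adv_pattern *in, struct parsed_pattern *out)
{
    if (!pattern_ok_fixed(in))
        return -1;
    memset(out, 0, sizeof(*out));
    out->ad_type = in->ad_type;
    out->offset  = in->offset;
    out->length  = in->length;
    memcpy(out->value, in->value, in->length);
    return in->length;
}

/* Builds a constructed sample pattern for demonstration. */
struct adv_pattern make_pattern(uint8_t offset, uint8_t length)
{
    struct adv_pattern p;
    memset(&p, 0, sizeof(p));
    p.ad_type = 0xff;        /* manufacturer-specific data, arbitrary for the demo */
    p.offset  = offset;
    p.length  = length;
    memset(p.value, 0xab, sizeof(p.value));
    return p;
}
```

A pattern with length 200 passes the buggy check but is rejected by the corrected one; a pattern with offset 15 and length 20 has a length that fits on its own yet would still reach past byte 31, which is why the sum is checked as well.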