Bluetooth Command Handling Vulnerability in Linux Kernel
CVE-2025-38128
What is CVE-2025-38128?
A vulnerability exists within the Linux kernel's Bluetooth management layer that involves improper handling of malformed HCI_CMD_SYNC commands. When parameters in the 'mgmt_hci_cmd_sync()' function do not match the expected size, it creates the potential for out-of-bounds memory access. Specifically, if an overly large 'params_len' is received, it leads to the misuse of memory allocation functions, allowing for possible exploitation. This issue highlights the need for strict input validation in Bluetooth command processing to prevent corrupt data from causing undefined behavior.
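The length-validation pattern behind this bug, as an added illustration (constructed demo code, not the kernel's mgmt_hci_cmd_sync() or any other kernel source): a weak check that only confirms the fixed header is present and then trusts 'params_len', beside a strict check that requires the declared parameter length to fit exactly inside the bytes actually received. The header layout, opcode value and helper names are assumptions for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed mirror of a variable-length command: a fixed header whose
 * params_len field declares how many parameter bytes follow it. This is
 * an assumed layout for the demo, not the kernel's own definition, and
 * uses host byte order. */
struct cmd_sync_hdr {
    uint16_t opcode;
    uint16_t params_len;   /* untrusted: supplied by the caller */
};

/* Weak check: only confirms the fixed header is present. Whatever
 * params_len claims is then trusted by later code, so a large value
 * makes a copy run past the `len` bytes that were actually received. */
int validate_weak(const void *data, size_t len) {
    (void)data;
    return len >= sizeof(struct cmd_sync_hdr);
}

/* Strict check: the declared parameter length must fit exactly inside
 * the bytes received. Subtracting only after the header-size check keeps
 * the comparison free of integer wrap, and the equality also rejects
 * trailing bytes that no field accounts for. */
int validate_strict(const void *data, size_t len) {
    struct cmd_sync_hdr hdr;
    if (len < sizeof hdr)
        return 0;
    memcpy(&hdr, data, sizeof hdr);          /* safe for unaligned input */
    return (size_t)hdr.params_len == len - sizeof hdr;
}

/* Builds a constructed message: header with params_len = declared,
 * followed by `actual` filler bytes. Returns the total length written,
 * or 0 if it does not fit in buf. */
size_t build_msg(uint8_t *buf, size_t cap, uint16_t declared, size_t actual) {
    struct cmd_sync_hdr hdr = { .opcode = 0x0c03 /* placeholder opcode */,
                                .params_len = declared };
    if (sizeof hdr + actual > cap)
        return 0;
    memcpy(buf, &hdr, sizeof hdr);
    memset(buf + sizeof hdr, 0xAA, actual);
    return sizeof hdr + actual;
}
```

A message that declares 0xFFFF parameter bytes but carries only four passes the weak check and is rejected by the strict one.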
Affected Version(s)
Linux: git commits from 827af4787e74e8df9e8e0677a69fbb15e0856d2f before 9eeafd16d76a7642d12b3442a26c15cd345e12f7
Linux: git commits from 827af4787e74e8df9e8e0677a69fbb15e0856d2f before 03f1700b9b4d4f2fed3165370f3c23db76553178
Linux 6.13