Bluetooth Use-After-Free Vulnerability in Linux Kernel
CVE-2025-38250

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-38250?

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem could be exploited by attackers. When a vhci file descriptor is closed while another thread is executing an ioctl() operation, it can lead to a situation where resources are freed while still in use. This lack of proper synchronization, particularly during device unregistration, raises the risk of concurrent access to freed memory, potentially allowing unauthorized code execution or crashing of the system. It is recommended to apply the latest patches that implement SRCU for synchronization during critical operations to safeguard against such vulnerabilities.

Affected Version(s)

Linux bf18c7118cf83ad4b9aa476354b4a06bcb9d0c4f

Linux bf18c7118cf83ad4b9aa476354b4a06bcb9d0c4f < 0e5c144c557df910ab64d9c25d06399a9a735e65

Linux bf18c7118cf83ad4b9aa476354b4a06bcb9d0c4f < 1d6123102e9fbedc8d25bf4731da6d513173e49e

References

https://git.kernel.org/stable/c/ce23b73f0f27e2dbeb81734a7...

https://git.kernel.org/stable/c/0e5c144c557df910ab64d9c25...

https://git.kernel.org/stable/c/1d6123102e9fbedc8d25bf473...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 16, 2025