Bluetooth Vulnerability in Linux Kernel Affecting Data Integrity
CVE-2025-38473

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 July 2025

What is CVE-2025-38473?

A vulnerability has been identified in the Bluetooth subsystem of the Linux kernel, specifically in the function l2cap_sock_resume_cb(). This issue, which pertains to a null-pointer dereference, is triggered when the function attempts to access a socket that has already been terminated. To mitigate this risk, it is essential to implement checks within the function to confirm that the referenced socket is valid before accessing it, thereby safeguarding the integrity of the system and preventing potential exploitation by attackers.

Affected Version(s)

Linux d97c899bde330cd1c76c3a162558177563a74362

References

https://git.kernel.org/stable/c/ac3a8147bb24314fb3e849865...

https://git.kernel.org/stable/c/c4f16f6b071a74ac7eefe5c28...

https://git.kernel.org/stable/c/b97be7ee8a1cd96b89817cbd6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Apr 16, 2025