Use-After-Free Vulnerability in Linux Kernel Bluetooth Stack
CVE-2025-39860

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
19 September 2025

What is CVE-2025-39860?

A vulnerability has been identified within the Bluetooth subsystem of the Linux kernel where a use-after-free condition may occur. This issue arises from concurrent calls to the bt_accept_dequeue() function and the l2cap_sock_cleanup_listen() function, which do not properly handle socket reference counts under certain conditions. Specifically, two threads could manipulate the same socket object simultaneously, leading to the potential for accessing freed memory. This flaw poses risks of undefined behavior and could be exploited to disrupt system stability or execute arbitrary code.

Affected Version(s)

Linux a2da00d1ea1abfb04f846638e210b5b5166e3c9c < 964cbb198f9c46c2b2358cd1faffc04c1e8248cf

Linux 06f87c96216bc5cd1094c23492274f77f1d5dd3b < 83e1d9892ef51785cf0760b7681436760dda435a

Linux fbe5a2fed8156cc19eb3b956602b0a1dd46a302d < 47f6090bcf75c369695d21c3f179db8a56bbbd49

References

https://git.kernel.org/stable/c/964cbb198f9c46c2b2358cd1f...
https://git.kernel.org/stable/c/83e1d9892ef51785cf0760b76...
https://git.kernel.org/stable/c/47f6090bcf75c369695d21c3f...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-39860 : Use-After-Free Vulnerability in Linux Kernel Bluetooth Stack