Vulnerability in Linux Kernel Bluetooth Functionality
CVE-2025-40141

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40141?

A vulnerability has been identified within the Linux Kernel's Bluetooth subsystem that may lead to a Use After Free scenario on the iso_conn_free function. This issue arises when the socket connection (conn->sk) is not properly nullified after its usage ends, potentially allowing attackers to exploit this flaw to access freed memory. The flaw has been addressed in a recent patch, enhancing the stability and security of the Bluetooth ISOs. It is crucial for users and administrators to ensure they are running the latest version of the kernel to mitigate this vulnerability.

Affected Version(s)

Linux ccf74f2390d60a2f9a75ef496d2564abb478f46a

Linux ccf74f2390d60a2f9a75ef496d2564abb478f46a < 5319145a07d8bf5b0782b25cb3115825689d42bb

Linux ccf74f2390d60a2f9a75ef496d2564abb478f46a < 80689777919f02328eb873769de4647c9dd3e371

References

https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644...

https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb...

https://git.kernel.org/stable/c/80689777919f02328eb873769...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON