Bluetooth Connectivity Issues in Linux Kernel
CVE-2025-40282
Currently unrated
What is CVE-2025-40282?
A vulnerability in the Linux kernel's Bluetooth implementation affects the 6lowpan module. The IPv6 receive path did not properly handle link-local headers, which can crash the system when it processes incoming packets. Specifically, skb_reset_mac_header() was not called for uncompressed IPv6 packets, creating a potential denial-of-service condition. The fix adds the missing call so that packet headers are set correctly.
Affected Version(s)
Linux 18722c247023035b9e2e2a08a887adec2a9a6e49
Linux 18722c247023035b9e2e2a08a887adec2a9a6e49 < 973e0271754c77db3e1b6b69adf2de85a79a4c8b
Linux 18722c247023035b9e2e2a08a887adec2a9a6e49