Use-After-Free Vulnerability in Linux Kernel Bluetooth Driver
CVE-2025-40283
What is CVE-2025-40283?
A vulnerability exists in the Linux kernel's Bluetooth driver, specifically in the btusb_disconnect function. This vulnerability stems from improper handling of memory, leading to a use-after-free (UAF) condition. When the function usb_driver_release_interface is called, it frees the btusb data associated with the Bluetooth interface. However, the function attempts to access this data again afterward, creating a risk of accessing freed memory blocks. This flaw can potentially be exploited to cause unpredictable behavior or system crashes. The issue has been addressed by modifying the order of data access to ensure that necessary operations are completed before freeing the memory.
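The ordering problem described above, as an added user-space C model; it is not the kernel's btusb code and not the upstream patch. All `model_*` names, the `has_secondary` field and the tombstone flag used in place of a real `free()` are assumptions made so that a read after release can be counted deterministically.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the ordering bug. All names are hypothetical. */
struct model_data {
    bool freed;          /* tombstone instead of free(): stale reads become countable */
    bool has_secondary;  /* assumed field that disconnect still needs to consult */
};

struct audit {
    int stale_reads;         /* reads of model_data after it was released */
    int secondary_releases;  /* cleanup steps that actually ran */
};

/* Stands in for the usb_driver_release_interface() call that frees the
 * driver data: after it returns, the data must be treated as gone. */
static void model_release_owner(struct model_data *d) { d->freed = true; }

/* All reads go through this accessor so a read after release is recorded. */
static bool model_has_secondary(const struct model_data *d, struct audit *a)
{
    if (d->freed) { a->stale_reads++; return false; }
    return d->has_secondary;
}

/* Ordering the advisory describes as vulnerable: release, then read. */
struct audit disconnect_vulnerable(struct model_data d)
{
    struct audit a = {0, 0};
    model_release_owner(&d);
    if (model_has_secondary(&d, &a)) a.secondary_releases++;
    return a;
}

/* Fixed ordering: finish every read of the data, then release it last. */
struct audit disconnect_fixed(struct model_data d)
{
    struct audit a = {0, 0};
    if (model_has_secondary(&d, &a)) a.secondary_releases++;
    model_release_owner(&d);
    return a;
}

int main(void)
{
    struct model_data d = { .freed = false, .has_secondary = true }; /* constructed input */
    struct audit v = disconnect_vulnerable(d), f = disconnect_fixed(d);
    printf("vulnerable: stale_reads=%d releases=%d\n", v.stale_reads, v.secondary_releases);
    printf("fixed:      stale_reads=%d releases=%d\n", f.stale_reads, f.secondary_releases);
    return 0;
}
```

In the model the stale read is caught and returns false, so the cleanup step is silently skipped; in a real kernel the same read touches freed memory and its result is undefined. A KASAN-enabled build is the practical way to surface this class of read during testing.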
Affected Version(s)
Linux fd913ef7ce619467c6b0644af48ba1fec499c623 < 297dbf87989e09af98f81f2bcb938041785557e8
Linux fd913ef7ce619467c6b0644af48ba1fec499c623
Linux fd913ef7ce619467c6b0644af48ba1fec499c623 < 7a6d1e740220ff9dfcb6a8c994d6ba49e76db198