Uninitialized Memory Access Vulnerability in Linux Kernel Bluetooth Functionality
CVE-2025-40301

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 8 December 2025

What is CVE-2025-40301?

A vulnerability in the Linux kernel Bluetooth subsystem can lead to uninitialized memory access because the data length of command complete events is not validated. When an unexpected opcode is processed, the kernel may try to read a return status from an skb that carries no data. The flaw is in the hci_cmd_complete_evt function, which assumes the first byte of the skb data holds a valid status byte without first checking that any data is present. An attacker could potentially exploit this to read sensitive information or trigger unexpected behaviour. The issue has been addressed by checking the skb length before accessing its data.
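The following is an added illustration, not kernel code and not taken from the fix commit: it models the pattern the description above names (reading the first byte of a received buffer as a status without checking that the buffer has any data) beside the hardened form that checks the length first. The `struct evt_buf`, `receive_event` and `demo_*` names are constructed for this example; the backing store stands in for the skb, and the leftover bytes from an earlier event are what an unchecked read would return.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a received event buffer: a fixed backing store
 * (which still holds whatever the previous event left behind) plus a
 * length that says how many bytes the *current* event actually carries.
 * This stands in for the kernel's skb; it is not kernel code. */
#define BACKING_SIZE 16
struct evt_buf {
    uint8_t backing[BACKING_SIZE];
    size_t len;
};

/* Sentinel returned by the hardened reader when no status byte exists. */
#define STATUS_NO_DATA (-1)

/* Flawed pattern: treat backing[0] as the status byte without checking len.
 * When len == 0 this silently returns a stale byte from an earlier event. */
int read_status_unchecked(const struct evt_buf *b)
{
    return b->backing[0];
}

/* Hardened pattern: verify the buffer actually carries a byte first. */
int read_status_checked(const struct evt_buf *b)
{
    if (b->len < 1)
        return STATUS_NO_DATA;
    return b->backing[0];
}

/* Simulates receiving an event: copies the payload into the backing store
 * and records its length. Bytes beyond the payload are left untouched,
 * which is exactly what makes an unchecked read dangerous. */
void receive_event(struct evt_buf *b, const uint8_t *payload, size_t n)
{
    if (n > BACKING_SIZE)
        n = BACKING_SIZE;
    memcpy(b->backing, payload, n);
    b->len = n;
}

/* Scenario (constructed): an earlier event left status 0x0c in the buffer,
 * then an event for an unexpected opcode arrives with an empty parameter
 * block. The unchecked reader reports 0x0c as if it were this event's
 * status; the checked reader reports that there is no status at all. */
int demo_unchecked_reads_stale(void)
{
    struct evt_buf b;
    static const uint8_t earlier[] = { 0x0c, 0x01, 0x02 };
    static const uint8_t empty[1] = { 0 };   /* valid pointer, zero bytes used */

    memset(&b, 0, sizeof b);
    receive_event(&b, earlier, sizeof earlier);
    receive_event(&b, empty, 0);
    return read_status_unchecked(&b);        /* returns 0x0c: stale data */
}

int demo_checked_rejects_empty(void)
{
    struct evt_buf b;
    static const uint8_t earlier[] = { 0x0c, 0x01, 0x02 };
    static const uint8_t empty[1] = { 0 };

    memset(&b, 0, sizeof b);
    receive_event(&b, earlier, sizeof earlier);
    receive_event(&b, empty, 0);
    return read_status_checked(&b);          /* returns STATUS_NO_DATA */
}

int main(void)
{
    printf("unchecked read on empty event: 0x%02x (stale)\n",
           demo_unchecked_reads_stale());
    printf("checked read on empty event:   %d (no data)\n",
           demo_checked_rejects_empty());
    return 0;
}
```

The defender's takeaway is the shape of the check, not the specific byte: any parser that pulls a fixed-offset field out of a variable-length message needs a length test before the access, and the rejection path should be a distinct error value so callers cannot mistake leftover buffer contents for a real result.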

Affected Version(s)

Linux afcb3369f46ed5dc883a7b92f2dd1e264d79d388

Linux afcb3369f46ed5dc883a7b92f2dd1e264d79d388 < 779f83a91d4f1bf5ddfeaf528420cbb6dbf03fa8


References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
