Bluetooth Protocol Vulnerability in Linux Kernel
CVE-2025-40308

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
8 December 2025

What is CVE-2025-40308?

A vulnerability exists in the Bluetooth stack of the Linux Kernel, specifically concerning the bcsp_recv() function, which can be invoked without proper protocol registration. This oversight leads to a potential NULL pointer dereference, posing risks to system stability and security. To mitigate this, it is crucial that the HCI_UART_REGISTERED flag is verified before processing any incoming data. If the Bluetooth Control and Status Protocol (BCSP) is not registered, the function should return an error code to prevent execution errors.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 48effdb7a798232db945503cf3f51e0be8070cea < 39a7d40314b6288cfa2d13269275e9247a7a055a

Linux 45fa7bd82c6178f4fec0ab94891144a043ec5fe8 < 164586725b47f9d61912e6bf17dbaffeff11710b

Linux d71a57a34ab6bbc95dc461158403c02e8ff3f912

References

https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269...
https://git.kernel.org/stable/c/164586725b47f9d61912e6bf1...
https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.