Bluetooth Protocol Vulnerability in Linux Kernel
CVE-2025-40308
What is CVE-2025-40308?
A vulnerability exists in the Bluetooth stack of the Linux kernel: the bcsp_recv() function can be invoked before the protocol has been properly registered. This oversight leads to a potential NULL pointer dereference, posing risks to system stability and security. To mitigate this, the HCI_UART_REGISTERED flag must be verified before any incoming data is processed. If the Bluetooth Control and Status Protocol (BCSP) is not registered, the function should return an error code instead of processing the data.
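The check described above, shown as a simplified userspace model. This is an added example, not the kernel's code or the actual patch; the struct, flag value, error value and function names are hypothetical stand-ins for the HCI UART device, HCI_UART_REGISTERED and bcsp_recv().

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is a hypothetical stand-in. */
#define MODEL_REGISTERED (1u << 0) /* stands in for HCI_UART_REGISTERED */
#define MODEL_ERR_UNREG  (-1)      /* stands in for the error code returned */

struct model_proto_state { size_t rx_bytes; }; /* per-protocol receive state */

struct model_uart {
    unsigned int flags;
    struct model_proto_state *priv; /* NULL until the protocol is registered */
};

/* Unguarded shape: assumes priv was set up. If data arrives before
 * registration, hu->priv is NULL and this line dereferences it. */
int recv_unguarded(struct model_uart *hu, const unsigned char *data, size_t count)
{
    (void)data;
    hu->priv->rx_bytes += count;
    return (int)count;
}

/* Guarded shape: test the registration flag first and return an error
 * without touching the protocol state when it is not set. */
int recv_guarded(struct model_uart *hu, const unsigned char *data, size_t count)
{
    if (!(hu->flags & MODEL_REGISTERED))
        return MODEL_ERR_UNREG;
    (void)data;
    hu->priv->rx_bytes += count;
    return (int)count;
}

int main(void)
{
    const unsigned char frame[4] = { 0xc0, 0x00, 0x00, 0xc0 }; /* constructed sample bytes */
    struct model_proto_state st = { 0 };
    struct model_uart hu = { 0, NULL }; /* data arrives before registration */

    printf("before registration: %d\n", recv_guarded(&hu, frame, sizeof frame));

    hu.priv = &st;                /* registration sets up the state ... */
    hu.flags |= MODEL_REGISTERED; /* ... and only then sets the flag */
    printf("after registration:  %d\n", recv_guarded(&hu, frame, sizeof frame));
    printf("unguarded, safe only once registered: %d\n",
           recv_unguarded(&hu, frame, sizeof frame));
    return 0;
}
```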
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 39a7d40314b6288cfa2d13269275e9247a7a055a
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 164586725b47f9d61912e6bf17dbaffeff11710b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2