Use After Free Vulnerability in Bluetooth Stack of Linux Kernel
CVE-2025-40309

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-40309?

A vulnerability exists in the Bluetooth stack of the Linux Kernel, specifically in the handling of SCO connections. This issue is characterized by a use-after-free error in the function sco_conn_free, which could result in memory corruption when an SCO connection is terminated. As the system attempts to free memory that is already in use, this vulnerability may lead to unexpected behavior, potentially allowing an attacker to execute arbitrary code or crash the system. System administrators and security professionals are advised to apply the latest patches to mitigate any risks associated with this vulnerability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 57707135755bd78b1fe5acaebb054fba4739e14c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/57707135755bd78b1fe5acaeb...

https://git.kernel.org/stable/c/c17caff1062ca91ebac44bfd0...

https://git.kernel.org/stable/c/d2850f037c2ae75882d68ae65...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Apr 16, 2025

JSON