Race Condition in Bluetooth Socket Writes in Linux Kernel
CVE-2025-68305
What is CVE-2025-68305?
A race condition has been identified in the Linux kernel's Bluetooth implementation, affecting the interaction between socket binds and write iterations. If a socket is freed while a write operation is still in progress, the result can be a use-after-free. Synchronizing the socket operations with hci_dev_lock mitigates the vulnerability and protects the integrity of Bluetooth command processing. Regular updates are recommended to keep systems protected against such vulnerabilities.
Affected Version(s)
Linux bdd56875c6926d8009914f427df71797693e90d4
Linux 4e83f2dbb2bf677e614109df24426c4dded472d4
Linux 6fe26f694c824b8a4dbf50c635bee1302e3f099c < 69fcb0344bc0dd5b13d7e4e98f8b6bf25a6d4ff7