CVE-2025-40284

NONE EPSS 6.7%
Published Dec 6, 20256mo ago · Modified Jun 17, 20262w ago
Find Similar
Published Dec 6, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like other MGMT timers. Should fix the BUG: sporadically seen by BlueZ test bot (in "Mesh - Send cancel - 1" test). Log: ------ BUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0 ... Freed by task 36: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_save_free_info+0x3a/0x60 __kasan_slab_free+0x43/0x70 kfree+0x103/0x500 device_release+0x9a/0x210 kobject_put+0x100/0x1e0 vhci_release+0x18b/0x240 ------

Threat Intelligence

EPSS Exploit Probability
6.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 5

  • git.kernel.org https://git.kernel.org/stable/c/2927ff643607eddf4f03d10ef80fe10d977154aa
  • git.kernel.org https://git.kernel.org/stable/c/55fb52ffdd62850d667ebed842815e072d3c9961
  • git.kernel.org https://git.kernel.org/stable/c/7b6b6c077cad0601d62c3c34ab7ce3fb25deda7b
  • git.kernel.org https://git.kernel.org/stable/c/990e6143b0ca0c66f099d67d00c112bf59b30d76
  • git.kernel.org https://git.kernel.org/stable/c/fd62ca5ad136dcf6f5aa308423b299a6be6f54ea

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.