CVE-2025-40308

NONE EPSS 6.0%
Published Dec 8, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: bcsp: receive data only if registered

Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace:

    KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
    RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590
    Call Trace:
     <TASK>
     hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627
     tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290
     tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706
     vfs_ioctl fs/ioctl.c:51 [inline]
     __do_sys_ioctl fs/ioctl.c:907 [inline]
     __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
     do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH.
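The guard described above, shown as a simplified user-space model. This is an added example, not the kernel's code or the upstream patch. The struct layouts, the `model_*` function names, the flag's bit position and the assumption that the private state pointer stays NULL until registration are all illustrative.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space stand-ins; not the kernel's real definitions. */
#define HCI_UART_REGISTERED (1UL << 0)   /* bit position is made up */

struct bcsp_state { size_t rx_count; };  /* per-protocol private data */

struct hci_uart {
    unsigned long flags;
    struct bcsp_state *priv;             /* assumed NULL until registration */
};

/* Registration attaches the private state and only then sets the flag. */
static void model_register(struct hci_uart *hu, struct bcsp_state *st)
{
    st->rx_count = 0;
    hu->priv = st;
    hu->flags |= HCI_UART_REGISTERED;
}

static void model_unregister(struct hci_uart *hu)
{
    hu->flags &= ~HCI_UART_REGISTERED;
    hu->priv = NULL;
}

/* Receive path with the guard the description calls for. */
static int model_bcsp_recv(struct hci_uart *hu, const void *data, int count)
{
    if (!(hu->flags & HCI_UART_REGISTERED))
        return -EUNATCH;                 /* protocol driver not attached */

    (void)data;                          /* payload parsing omitted in this model */
    hu->priv->rx_count += (size_t)count; /* safe: priv is valid once registered */
    return count;
}

int main(void)
{
    struct hci_uart hu = { 0, NULL };
    struct bcsp_state st;
    unsigned char buf[4] = { 0xc0, 0x00, 0x00, 0xc0 };  /* constructed bytes */

    printf("before register:  %d\n", model_bcsp_recv(&hu, buf, 4));
    model_register(&hu, &st);
    printf("after register:   %d\n", model_bcsp_recv(&hu, buf, 4));
    model_unregister(&hu);
    printf("after unregister: %d\n", model_bcsp_recv(&hu, buf, 4));
    return 0;
}
```

Without the flag check, the first call would reach the `hu->priv` access with a NULL pointer, which is the failure class the KASAN report shows.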

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • git.kernel.org https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b
  • git.kernel.org https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a
  • git.kernel.org https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc
  • git.kernel.org https://git.kernel.org/stable/c/799cd62cbcc3f12ee04b33ef390ff7d41c37d671
  • git.kernel.org https://git.kernel.org/stable/c/8b892dbef3887dbe9afdc7176d1a5fd90e1636aa
  • git.kernel.org https://git.kernel.org/stable/c/b420a4c7f915fc1c94ad1f6ca740acc046d94334
  • git.kernel.org https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7c574bd16798e9c9
  • git.kernel.org https://git.kernel.org/stable/c/ca94b2b036c22556c3a66f1b80f490882deef7a6

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.