CVE-2025-23139

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel's Bluetooth component, specifically in the hci uart module, has been resolved. The issue involves a race condition during initialization where the 'HCI UART PROTO READY' bit is set before the 'hci uart register dev()' function is called, leading to access to uninitialized fields. This can occur when 'hci tty uart close()' is called after the bit is set but before the device is registered. The problem is fixed by setting the 'HCI UART PROTO READY' bit after the device is registered and adding an additional bit to allow power-up without the original bit set.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.