PT-2025-27703 · Linux+5 · Linux Kernel+5

Published

2025-07-03

·

Updated

2026-04-20

·

CVE-2025-38117

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7
Description: A vulnerability in the Linux kernel's Bluetooth management has been resolved by protecting the mgmt pending list with its own lock, preventing crashes due to concurrent access. The issue could cause slab-use-after-free errors, as seen in the hci sock get channel function.
Recommendations: For Linux kernel versions prior to 6.15.0-rc7, update to a version that includes the fix for the Bluetooth MGMT vulnerability. As a temporary workaround, consider disabling Bluetooth functionality until a patch is available. Restrict access to the mgmt pending list to minimize the risk of exploitation. Avoid using the hci sock get channel function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

AZL-64556
AZL-70630
BDU:2025-10776
CVE-2025-38117
ECHO-711C-A4CA-134A
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-1876
OESA-2025-1877
OESA-2025-1878
OESA-2025-1879
OESA-2025-1880
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03204-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
SUSE-SU-2025_03204-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu