CVE-2025-38250

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A use-after-free vulnerability exists in the vhci flush() function within the Bluetooth HCI core of the Linux kernel. The vulnerability occurs when a thread closes a vhci file descriptor while another thread is still accessing it via iotcl(). This can lead to a slab-use-after-free condition, potentially resulting in system instability or other undefined behavior. The issue arises from a lack of synchronization after unlinking the hdev from the hci dev list in hci unregister dev().

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.