CVE-2025-38592

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.14.0-syzkaller-10892-g4e82c87058f4

Description: A flaw exists in the Bluetooth stack within the Linux kernel related to the handling of device coredumps. Specifically, the hci devcd dump function can experience an out-of-bounds write due to the order in which dev coredumpv and skb put data are called. When dev coredumpv frees the buffer before skb put data completes, it leads to a vmalloc-out-of-bounds error. A crash report from syzbot demonstrates this issue.

Recommendations: versions prior to 6.14.0-syzkaller-10892-g4e82c87058f4

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-02845

CVE-2025-38592

Affected Products

Astra Linux

Linux Kernel

CVE-2025-38592

Weakness Enumeration

Related Identifiers

Affected Products

References · 16