PT-2025-33791 · Linux+6 · Linux Kernel+6

Published: 2025-07-23 · Updated: 2026-04-20 · CVE-2025-38593

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.19-kernel
Description: A double-free vulnerability exists in the Bluetooth stack of the Linux kernel, specifically in the hci_discovery_filter_clear() function. This function frees a memory region (the uuids array) and subsequently sets the pointer to NULL. A race condition can occur in which the memory is freed a second time before the pointer is set to NULL, leading to a double-free error. This can occur during service discovery initiated by start_service_discovery(). The vulnerability is triggered by concurrent calls to hci_discovery_filter_clear() from different contexts, potentially leading to kernel crashes as demonstrated by the provided backtrace.
Recommendations: Update to Linux kernel version 6.12.19-kernel or later to address this issue.
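
The free-then-NULL race described above, modelled in user space as an added example (it is not kernel code and not the upstream patch). The struct, function names and the pthread mutex are hypothetical stand-ins that show one way to serialize the clear so concurrent callers free the buffer exactly once.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical user-space stand-in for the discovery filter (not kernel code). */
struct filter {
    pthread_mutex_t lock;
    void *uuids;
    int uuid_count;
};

static atomic_int free_calls; /* how many times a live buffer was released */

/* Unsafe pattern from the description: free(f->uuids); f->uuids = NULL; with
 * no lock. Hardened form: detach under the lock so one caller sees non-NULL. */
void filter_clear_locked(struct filter *f)
{
    pthread_mutex_lock(&f->lock);
    void *old = f->uuids;
    f->uuids = NULL;
    f->uuid_count = 0;
    pthread_mutex_unlock(&f->lock);
    if (old)
        atomic_fetch_add(&free_calls, 1);
    free(old);
}

static void *worker(void *arg) { filter_clear_locked(arg); return NULL; }

/* Clears one filter from nthreads contexts at once and returns the number of
 * frees performed (1 when serialized correctly), or -1 on bad input. */
int concurrent_clear_free_count(int nthreads)
{
    struct filter f = { PTHREAD_MUTEX_INITIALIZER, NULL, 4 };
    pthread_t t[16];
    int started = 0;

    if (nthreads < 1 || nthreads > 16 || !(f.uuids = malloc(64)))
        return -1;
    atomic_store(&free_calls, 0);
    while (started < nthreads && pthread_create(&t[started], NULL, worker, &f) == 0)
        started++;
    for (int i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    filter_clear_locked(&f); /* late extra call must be a no-op */
    return atomic_load(&free_calls);
}

int main(void) { return concurrent_clear_free_count(8) == 1 ? 0 : 1; }
```
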

Exploit

Fix

DoS

Double Free

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

AZL-66513
BDU:2026-02817
CVE-2025-38593
ECHO-4B3D-B2CF-FBB7
OESA-2025-2268
OESA-2025-2269
OESA-2025-2270
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3725-1
SUSE-SU-2025:3751-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu