PT-2025-38567 · Linux+4 · Linux Kernel+4

Syzbot

·

Published

2025-04-16

·

Updated

2026-05-26

·

CVE-2025-39860

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free vulnerability exists in the Bluetooth stack, specifically within the l2cap sock cleanup listen() function. The issue arises from a race condition where a socket can be freed and subsequently accessed by another thread, leading to a potential system crash. The vulnerability was identified through syzbot testing and involves the bt accept dequeue() function and the l2cap sock release() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

AZL-67559
AZL-74918
BDU:2025-13682
CVE-2025-39860
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-22A4-B452-4A6A
INFESA-2025_0006
OESA-2025-2633
OESA-2025-2634
OESA-2025-2635
OESA-2026-1341
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Suse
Ubuntu