PT-2025-42258 · Linux+1 · Linux Kernel+1

Published 2025-09-20 · Updated 2025-12-08 · CVE-2025-39983

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.16-rc7

Description

The Linux kernel contains a use-after-free flaw within the Bluetooth stack, specifically in the hci_conn_tx_dequeue function. This issue arises from improper locking of the hdev structure when processing HCI_EV_NUM_COMP_PKTS events, leading to a potential use-after-free condition. The vulnerability was identified through KASAN (Kernel Address Sanitizer) testing and is triggered during the handling of Bluetooth events.

Recommendations

Update to a version newer than 6.16-rc7.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:22854
BDU:2026-03910
CVE-2025-39983
INFSA-2025_21469
RHSA-2025_21469
RHSA-2026:0271
RHSA-2026:0457

Affected Products

Linux Kernel
Red Hat