PT-2025-49427 · Linux+4 · Linux Kernel+4

Published 2025-12-08 · Updated 2026-05-07 · CVE-2025-40294

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's Bluetooth implementation, in the parse_adv_monitor_pattern() function. The issue is a potential out-of-bounds access when copying data into the patterns[i].value array within the mgmt_adv_pattern structure. Specifically, if the patterns[i].length value, which is set in user space, exceeds 31, an out-of-bounds write can occur. The vulnerability is related to the handling of advertising monitor patterns and the size limits applied to the offset and length variables. The issue was discovered by InfoTeCS on behalf of Linux Verification Center.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
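
The size check the description refers to, as an added user-space model (not kernel code and not taken from this advisory): every user-supplied offset and length is validated against the 31-byte value array before any copy. The struct layout, the names and the use of 31 as the limit for offset and offset + length are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code. 31 is the value[] size the description
 * gives; applying it to offset and offset+length too is an assumption. */
#define MAX_AD_LEN 31

struct pattern {               /* hypothetical stand-in for the mgmt pattern */
    uint8_t offset;
    uint8_t length;            /* set by user space, may be 0..255 */
    uint8_t value[MAX_AD_LEN];
};

enum { PARSE_OK = 0, PARSE_INVALID_PARAMS = 1 };

/* Validate all patterns first, then copy; nothing is copied on failure. */
int parse_patterns(const struct pattern *in, size_t count, struct pattern *out)
{
    size_t i;
    for (i = 0; i < count; i++) {
        /* Widen before adding so offset + length cannot wrap in 8 bits. */
        unsigned int offset = in[i].offset, length = in[i].length;
        if (offset >= MAX_AD_LEN || length > MAX_AD_LEN ||
            offset + length > MAX_AD_LEN)
            return PARSE_INVALID_PARAMS;
    }
    for (i = 0; i < count; i++) {
        out[i].offset = in[i].offset;
        out[i].length = in[i].length;
        memcpy(out[i].value, in[i].value, in[i].length); /* length <= 31 here */
    }
    return PARSE_OK;
}

/* Helper for the sample run: parse one constructed pattern. */
int check_one(uint8_t offset, uint8_t length)
{
    struct pattern in = { .offset = offset, .length = length };
    struct pattern out;
    return parse_patterns(&in, 1, &out);
}

int main(void)
{
    printf("len 31: %d, len 32: %d, off 30 + len 2: %d\n",
           check_one(0, 31), check_one(0, 32), check_one(30, 2));
    return 0;
}
```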

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2026:1143
ALSA-2026:1690
BDU:2026-02836
CVE-2025-40294
ECHO-0A4F-9EF9-68D1
MGASA-2026-0017
MGASA-2026-0018
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2026:20145-1
RHSA-2026:1143
RHSA-2026:1690
RHSA-2026:2352
RHSA-2026:2594
RHSA-2026:2761
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu