CVE-2025-40301

CVSS v2.0

3.2

Low

Vector

AV:L/AC:L/Au:S/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci cmd complete evt() function. Specifically, the code does not validate the length of the socket buffer (skb) before accessing its data when handling command complete events with unknown opcodes. This can lead to accessing uninitialized memory if the skb is empty after parameter data is pulled in hci event func(). The issue occurs when processing events with unknown command complete opcodes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2026:1690

BDU:2026-02834

CVE-2025-40301

ECHO-2AC8-93F9-F850

MGASA-2026-0017

MGASA-2026-0018

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

OPENSUSE-SU-2026:20145-1

RHSA-2026:1690

RHSA-2026:1727

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20207-1

SUSE-SU-2026:20220-1

SUSE-SU-2026:20228-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8029-1

USN-8029-2

USN-8029-3

USN-8030-1

USN-8048-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-40301

Weakness Enumeration

Related Identifiers

Affected Products

References · 3273