PT-2025-51708 · Linux+3 · Linux Kernel+3

Published: 2025-12-16 · Updated: 2026-05-22 · CVE-2025-68304

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci_core component. The issue relates to improper locking when handling Bluetooth connections in the packet reception (RX) path. This can lead to a use-after-free (UAF) condition where a Bluetooth connection is deleted while still being used, potentially causing system crashes. The vulnerability stems from a concurrency issue where the hci_conn structure can be modified or deleted concurrently with its use in the RX path. Syzkaller has reported a crash that appears to be related to this issue, involving functions such as l2cap_recv_acldata, hci_conn_get, hci_abort_conn_sync, hci_dev_lock, hci_conn_del, and hci_conn_put. The vulnerability was addressed by moving the lookup of the hci_conn structure and the associated socket-specific connection information into a critical section to ensure proper synchronization.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

AZL-72649
CVE-2025-68304
ECHO-18B1-A024-77D7
OESA-2026-2417
OESA-2026-2418
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8152-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu