SB2025070468 - Improper locking in Linux kernel net bluetooth
Published: July 4, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2025-38117)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.