Main Vulnerability Database SB2025071163

SB2025071163 - Input validation error in Linux kernel bluetooth

Published: July 11, 2025

Security Bulletin ID SB2025071163

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2025-38303)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_set_ext_adv_data_sync() and hci_set_adv_data_sync() functions in net/bluetooth/hci_sync.c, within the eir_create_per_adv_data() and eir_create_adv_data() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f
https://git.kernel.org/stable/c/47c03902269aff377f959dc3fd94a9733aa31d6e
https://git.kernel.org/stable/c/b9db0c27e73b7c8a19384a44af527edfda74ff3d