SB2025120891 - NULL pointer dereference in Linux kernel bluetooth driver
Published: December 8, 2025
Security Bulletin ID
SB2025120891
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-40308)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b
- https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a
- https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc
- https://git.kernel.org/stable/c/799cd62cbcc3f12ee04b33ef390ff7d41c37d671
- https://git.kernel.org/stable/c/8b892dbef3887dbe9afdc7176d1a5fd90e1636aa
- https://git.kernel.org/stable/c/b420a4c7f915fc1c94ad1f6ca740acc046d94334
- https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7c574bd16798e9c9
- https://git.kernel.org/stable/c/ca94b2b036c22556c3a66f1b80f490882deef7a6