#VU108340 Use of uninitialized resource in Linux kernel - CVE-2025-23139
Published: May 2, 2025 / Updated: May 10, 2025
Linux kernel
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the hci_uart_dequeue(), hci_uart_tx_wakeup(), hci_uart_send_frame(), hci_uart_tty_wakeup(), hci_uart_tty_receive() and hci_uart_set_proto() functions in drivers/bluetooth/hci_ldisc.c. A local user can perform a denial of service (DoS) attack.
Remediation
External links
- https://git.kernel.org/stable/c/02e1bcdfdf769974e7e9fa285e295cd9852e2a38
- https://git.kernel.org/stable/c/1dcf08fcff5ca529de6dc0395091f28854f4e54a
- https://git.kernel.org/stable/c/281782d2c6730241e300d630bb9f200d831ede71
- https://git.kernel.org/stable/c/5df5dafc171b90d0b8d51547a82657cd5a1986c7
- https://git.kernel.org/stable/c/80f14e9de6a43a0bd8194cad1003a3e6dcbc3984
- https://git.kernel.org/stable/c/8e5aff600539e5faea294d9612cca50220e602b8
- https://git.kernel.org/stable/c/9e5a0f5777162e503400c70c6ed25fbbe2d38799
- https://git.kernel.org/stable/c/a40f94f7caa8d3421b64f63ac31bc0f24c890f39
- https://git.kernel.org/stable/c/db7509fa110dd9b11134b75894677f30353b2c51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3