NULL pointer dereference in Linux kernel - CVE-2025-40308
Published: December 8, 2025
Vulnerability identifier: #VU119333
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-40308
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bcsp_recv() function in drivers/bluetooth/hci_bcsp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b
- https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a
- https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc
- https://git.kernel.org/stable/c/799cd62cbcc3f12ee04b33ef390ff7d41c37d671
- https://git.kernel.org/stable/c/8b892dbef3887dbe9afdc7176d1a5fd90e1636aa
- https://git.kernel.org/stable/c/b420a4c7f915fc1c94ad1f6ca740acc046d94334
- https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7c574bd16798e9c9
- https://git.kernel.org/stable/c/ca94b2b036c22556c3a66f1b80f490882deef7a6