#VU112228 Improper locking in Linux kernel - CVE-2025-38117

Cybersecurity Help s.r.o.

Published: 2025-07-04

Vulnerability identifier: #VU112228

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38117

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mgmt_cmd_complete(), mgmt_pending_new(), mgmt_pending_add() and mgmt_pending_free() functions in net/bluetooth/mgmt_util.c, within the settings_rsp(), cmd_complete_rsp(), mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_le_complete(), set_mesh_complete(), mgmt_class_complete(), pairing_complete(), mgmt_add_adv_patterns_monitor_complete(), mgmt_remove_adv_monitor_complete(), start_discovery_complete(), stop_discovery_complete(), set_advertising_complete(), set_bredr_complete(), set_secure_conn_complete(), get_conn_info_complete(), get_clock_info_complete(), add_advertising_complete(), add_ext_adv_params_complete(), add_ext_adv_data_complete(), remove_advertising_complete(), mgmt_index_removed(), mgmt_power_on(), __mgmt_power_off(), unpair_device_rsp(), mgmt_disconnect_failed(), mgmt_auth_enable_complete() and mgmt_set_class_of_dev_complete() functions in net/bluetooth/mgmt.c, within the hci_alloc_dev_priv() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/4e83f2dbb2bf677e614109df24426c4dded472d4
https://git.kernel.org/stable/c/6fe26f694c824b8a4dbf50c635bee1302e3f099c
https://git.kernel.org/stable/c/bdd56875c6926d8009914f427df71797693e90d4
https://git.kernel.org/stable/c/d7882db79135c829a922daf3571f33ea1e056ae3

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Anolis OS update for kernel:6.6

Ubuntu update for linux-raspi

Ubuntu update for linux-oracle-6.14

Ubuntu update for linux-aws-6.14

Ubuntu update for linux-realtime-6.14

Ubuntu update for linux

Ubuntu update for linux-azure

Ubuntu update for linux-oem-6.14

SUSE update for the Linux Kernel