CVE-2025-40283
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free the btusb data associated with the interface. The same data is then used later in the function, hence the UAF.
Fix by moving the accesses to btusb data to before the data is free'd.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 297dbf87989e09af98f81f2bcb938041785557e8 | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < f858f004bc343a7ae9f2533bbb2a3ab27428532f | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 7a6d1e740220ff9dfcb6a8c994d6ba49e76db198 | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 5dc00065a0496c36694afe11e52a5bc64524a9b8 | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 1c28c1e1522c773a94e26950ffb145e88cd9834b | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < a2610ecd9fd5708be8997ca8f033e4200c0bb6af | affected |
| Linux | Linux | fd913ef7ce619467c6b0644af48ba1fec499c623 < 23d22f2f71768034d6ef86168213843fc49bf550 | affected |
| Linux | Linux | 4.11 | affected |
| Linux | Linux | 0 < 4.11 | unaffected |
| Linux | Linux | 5.4.302 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.247 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.197 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.159 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.117 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.59 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.9 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8
- https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f
- https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198
- https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8
- https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b
- https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d
- https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af
- https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.