CVE-2025-40213

EPSS 0.02%
Veröffentlicht 24.11.2025 15:59:44
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to
memcpy from badly declared on-stack flexible array.

Another crash is in set_mesh_complete() due to double list_del via
mgmt_pending_valid + mgmt_pending_remove.

Use DEFINE_FLEX to declare the flexible array right, and don't memcpy
outside bounds.

As mgmt_pending_valid removes the cmd from list, use mgmt_pending_free,
and also report status on error.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version d71b98f253b079cbadc83266383f26fe7e9e103b

Version < 5c19daa93d9af29f1f46251b47e1ea66bcc8d679

Status affected

Version 302a1f674c00dd5581ab8e493ef44767c5101aab

Version < 1c9aca1787e8395a2c59fef20e914467958969c5

Status affected

Version 302a1f674c00dd5581ab8e493ef44767c5101aab

Version < e8785404de06a69d89dcdd1e9a0b6ea42dc6d327

Status affected

Version 87a1f16f07c6c43771754075e08f45b41d237421

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.17

Status affected

Version 0

Version < 6.17

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/5c19daa93d9af29f1f46251b47e1ea66bcc8d679

https://git.kernel.org/stable/c/1c9aca1787e8395a2c59fef20e914467958969c5

https://git.kernel.org/stable/c/e8785404de06a69d89dcdd1e9a0b6ea42dc6d327

https://nvd.nist.gov/vuln/detail/CVE-2025-40213

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40213

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40213

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40213