-

CVE-2025-40282

EPSS 0.02%
Veröffentlicht 06.12.2025 21:51:06
Zuletzt bearbeitet 06.12.2025 22:15:56
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local
header for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW

Add missing skb_reset_mac_header() for uncompressed ipv6 RX path.

For the compressed one, it is done in lowpan_header_decompress().

Log: (BlueZ 6lowpan-tester Client Recv Raw - Success)
------
kernel BUG at net/core/skbuff.c:212!
Call Trace:
<IRQ>
...
packet_rcv (net/packet/af_packet.c:2152)
...
<TASK>
__local_bh_enable_ip (kernel/softirq.c:407)
netif_rx (net/core/dev.c:5648)
chan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)
------

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < ea46a1d217bc82e01cf3d0424e50ebfe251e34bf

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < 973e0271754c77db3e1b6b69adf2de85a79a4c8b

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < d566e9a2bfc848941b091ffd5f4e12c4e889d818

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < 4ebb90c3c309e6375dc3e841af92e2a039843e62

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < c24ac6cfe4f9a47180a65592c47e7a310d2f9d93

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < 11cd7e068381666f842ad41d1cc58eecd0c75237

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < 70d84e7c3a44b81020a3c3d650a64c63593405bd

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

Version < 3b78f50918276ab28fb22eac9aa49401ac436a3b

Version 18722c247023035b9e2e2a08a887adec2a9a6e49

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.14

Status affected

Version < 3.14

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.59

Status unaffected

Version <= 6.17.*

Version 6.17.9

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf

https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b

https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818

https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62

https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93

https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237

https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd

https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b

https://nvd.nist.gov/vuln/detail/CVE-2025-40282

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40282

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40282

EUVD