CVE-2025-40294

EPSS 0.02%
Veröffentlicht 08.12.2025 00:46:17
Zuletzt bearbeitet 08.12.2025 18:26:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()

In the parse_adv_monitor_pattern() function, the value of
the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251).
The size of the 'value' array in the mgmt_adv_pattern structure is 31.
If the value of 'pattern[i].length' is set in the user space
and exceeds 31, the 'patterns[i].value' array can be accessed
out of bound when copied.

Increasing the size of the 'value' array in
the 'mgmt_adv_pattern' structure will break the userspace.
Considering this, and to avoid OOB access revert the limits for 'offset'
and 'length' back to the value of HCI_MAX_AD_LENGTH.

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 96616530f524a0a76248cd44201de0a9e8526190

Version 99f30e12e588f9982a6eb1916e53510bff25b3b8

Status affected

Version < 5f7350ff2b179764a4f40ba4161b60b8aaef857b

Version db08722fc7d46168fe31d9b8a7b29229dd959f9f

Status affected

Version < 4b7d4aa5399b5a64caee639275615c63c008540d

Version db08722fc7d46168fe31d9b8a7b29229dd959f9f

Status affected

Version < 3a50d59b3781bc3a4e96533612509546a4c309a7

Version db08722fc7d46168fe31d9b8a7b29229dd959f9f

Status affected

Version < 8d59fba49362c65332395789fd82771f1028d87e

Version db08722fc7d46168fe31d9b8a7b29229dd959f9f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.6

Status affected

Version < 6.6

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.117

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/96616530f524a0a76248cd44201de0a9e8526190

https://git.kernel.org/stable/c/5f7350ff2b179764a4f40ba4161b60b8aaef857b

https://git.kernel.org/stable/c/4b7d4aa5399b5a64caee639275615c63c008540d

https://git.kernel.org/stable/c/3a50d59b3781bc3a4e96533612509546a4c309a7

https://git.kernel.org/stable/c/8d59fba49362c65332395789fd82771f1028d87e

https://nvd.nist.gov/vuln/detail/CVE-2025-40294

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40294

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40294

EUVD