CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: validate skb length for unknown CC opcode

In hci_cmd_complete_evt(), if the command complete event has an unknown
opcode, we assume the first byte of the remaining skb->data contains the
return status. However, parameter data has previously been pulled in
hci_event_func(), which may leave the skb empty. If so, using skb->data[0]
for the return status uses un-init memory.

The fix is to check skb->len before using skb->data.

Data provided by the CVE Program via a CVE Numbering Authority (CNA) (unstructured).
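The check described above, as a stand-alone C model added here (not the kernel's code): a minimal skb stand-in, the two pull stages the advisory mentions, and the status read with and without the length check. The value of HCI_ERROR_UNSPECIFIED and the two sample events are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#define HCI_EV_CMD_COMPLETE   0x0e
#define HCI_ERROR_UNSPECIFIED 0x1f   /* assumed value for this model */

/* Minimal stand-in for the parts of struct sk_buff the parser touches. */
struct skb { const uint8_t *data; size_t len; };
/* Like skb_pull(): consume n bytes from the front, failing if they are not there. */
static int skb_pull(struct skb *skb, size_t n)
{
    if (skb->len < n)
        return 0;
    skb->data += n;
    skb->len -= n;
    return 1;
}

/* Status read for an opcode with no dedicated handler: the unfixed path trusts
 * skb->data[0] even when nothing is left, the hardened path checks skb->len first. */
static int cc_status_unknown_opcode(const struct skb *skb, int hardened)
{
    if (hardened && skb->len == 0)
        return HCI_ERROR_UNSPECIFIED;
    return skb->data[0];
}

/* Parse one HCI event in buf[0..len), in the advisory's two stages: pull the event
 * header and the command-complete header (ncmd + LE opcode), then read the return
 * status from what remains. Returns the status, or -1 for a malformed event. */
static int parse_cmd_complete(const uint8_t *buf, size_t len, int hardened,
                              uint16_t *opcode)
{
    struct skb skb = { buf, len };
    const uint8_t *hdr = skb.data, *cc;
    if (!skb_pull(&skb, 2) || hdr[0] != HCI_EV_CMD_COMPLETE || hdr[1] > skb.len)
        return -1;
    skb.len = hdr[1];                       /* trim to the declared parameter length */
    cc = skb.data;
    if (!skb_pull(&skb, 3))
        return -1;
    if (opcode)                             /* caller may pass NULL */
        *opcode = (uint16_t)(cc[1] | (cc[2] << 8));
    return cc_status_unknown_opcode(&skb, hardened);
}

/* Constructed samples for opcode 0x1234. The first carries only the 3-byte header;
 * the trailing 0xAA stands in for stale memory past the event (returned unfixed). */
static const uint8_t sample_no_status[]   = { 0x0e, 0x03, 0x01, 0x34, 0x12, 0xAA };
static const uint8_t sample_with_status[] = { 0x0e, 0x04, 0x01, 0x34, 0x12, 0x00 };
```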
Vendor: Linux    Product: Linux    Default status: unaffected

  Status     Affected from (commit)                      Fixed before (commit)
  affected   afcb3369f46ed5dc883a7b92f2dd1e264d79d388    fea895de78d3bb2f0c09db9f10b18f8121b15759
  affected   afcb3369f46ed5dc883a7b92f2dd1e264d79d388    779f83a91d4f1bf5ddfeaf528420cbb6dbf03fa8
  affected   afcb3369f46ed5dc883a7b92f2dd1e264d79d388    cf2c2acec1cf456c3d11c11a7589e886a0f963a9
  affected   afcb3369f46ed5dc883a7b92f2dd1e264d79d388    1a0ddaaf97405dbd11d4cb5a961a3f82400e8a50
  affected   afcb3369f46ed5dc883a7b92f2dd1e264d79d388    5c5f1f64681cc889d9b13e4a61285e9e029d6ab5

Vendor: Linux    Product: Linux    Default status: affected

  Status       From version   Range
  affected     6.1            6.1 (single version)
  unaffected   0              < 6.1
  unaffected   6.1.159        <= 6.1.*
  unaffected   6.6.117        <= 6.6.*
  unaffected   6.12.58        <= 6.12.*
  unaffected   6.17.8         <= 6.17.*
  unaffected   6.18           <= *
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics

  Type   Source      Score   Percentile
  EPSS   FIRST.org   0.02%   0.056

CVSS metrics

  Source   Base score   Exploit score   Impact score   Vector string