CVE-2025-68298

EPSS 0.02%
Veröffentlicht 16.12.2025 15:06:17
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref

In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to:
  usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM)

That function can return NULL in some cases. Even when it returns
NULL, though, we still go on to call btusb_mtk_claim_iso_intf().

As of commit e9087e828827 ("Bluetooth: btusb: mediatek: Add locks for
usb_driver_claim_interface()"), calling btusb_mtk_claim_iso_intf()
when `btmtk_data->isopkt_intf` is NULL will cause a crash because
we'll end up passing a bad pointer to device_lock(). Prior to that
commit we'd pass the NULL pointer directly to
usb_driver_claim_interface() which would detect it and return an
error, which was handled.

Resolve the crash in btusb_mtk_claim_iso_intf() by adding a NULL check
at the start of the function. This makes the code handle a NULL
`btmtk_data->isopkt_intf` the same way it did before the problematic
commit (just with a slight change to the error message printed).

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 2fa09fe98ca3b114d66285f65f7e108fea131815

Version 930e1790b99e5839e1af69d2f7fd808f1fba2df9

Status affected

Version < c3b990e0b23068da65f0004cd38ee31f43f36460

Version e9087e828827e5a5c85e124ce77503f2b81c3491

Status affected

Version < c884a0b27b4586e607431d86a1aa0bb4fb39169c

Version e9087e828827e5a5c85e124ce77503f2b81c3491

Status affected

Version 4194766ec8756f4f654d595ae49962acbac49490

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version < 6.14

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.61

Status unaffected

Version <= 6.17.*

Version 6.17.11

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/2fa09fe98ca3b114d66285f65f7e108fea131815

https://git.kernel.org/stable/c/c3b990e0b23068da65f0004cd38ee31f43f36460

https://git.kernel.org/stable/c/c884a0b27b4586e607431d86a1aa0bb4fb39169c

https://nvd.nist.gov/vuln/detail/CVE-2025-68298

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68298

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68298

EUVD