CVE-2025-38128
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/07/2025
Last modified:
03/07/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands<br />
<br />
In &#39;mgmt_hci_cmd_sync()&#39;, check whether the size of parameters passed<br />
in &#39;struct mgmt_cp_hci_cmd_sync&#39; matches the total size of the data<br />
(i.e. &#39;sizeof(struct mgmt_cp_hci_cmd_sync)&#39; plus trailing bytes).<br />
Otherwise, large invalid &#39;params_len&#39; will cause &#39;hci_cmd_sync_alloc()&#39;<br />
to do &#39;skb_put_data()&#39; from an area beyond the one actually passed to<br />
&#39;mgmt_hci_cmd_sync()&#39;.