CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands<br /> <br /> In &amp;#39;mgmt_hci_cmd_sync()&amp;#39;, check whether the size of parameters passed<br /> in &amp;#39;struct mgmt_cp_hci_cmd_sync&amp;#39; matches the total size of the data<br /> (i.e. &amp;#39;sizeof(struct mgmt_cp_hci_cmd_sync)&amp;#39; plus trailing bytes).<br /> Otherwise, large invalid &amp;#39;params_len&amp;#39; will cause &amp;#39;hci_cmd_sync_alloc()&amp;#39;<br /> to do &amp;#39;skb_put_data()&amp;#39; from an area beyond the one actually passed to<br /> &amp;#39;mgmt_hci_cmd_sync()&amp;#39;.