CVE-2025-39861
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
19/09/2025
Last modified:
12/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Bluetooth: vhci: Prevent use-after-free by removing debugfs files early<br />
<br />
Move the creation of debugfs files into a dedicated function, and ensure<br />
they are explicitly removed during vhci_release(), before associated<br />
data structures are freed.<br />
<br />
Previously, debugfs files such as "force_suspend", "force_wakeup", and<br />
others were created under hdev->debugfs but not removed in<br />
vhci_release(). Since vhci_release() frees the backing vhci_data<br />
structure, any access to these files after release would result in<br />
use-after-free errors.<br />
<br />
Although hdev->debugfs is later freed in hci_release_dev(), user can<br />
access files after vhci_data is freed but before hdev->debugfs is<br />
released.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4 (including) | 6.6.105 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.46 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.16.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page