CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_event: validate skb length for unknown CC opcode<br /> <br /> In hci_cmd_complete_evt(), if the command complete event has an unknown<br /> opcode, we assume the first byte of the remaining skb-&gt;data contains the<br /> return status. However, parameter data has previously been pulled in<br /> hci_event_func(), which may leave the skb empty. If so, using skb-&gt;data[0]<br /> for the return status uses un-init memory.<br /> <br /> The fix is to check skb-&gt;len before using skb-&gt;data.