CVE-2025-40283
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/12/2025
Last modified:
06/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF<br />
<br />
There is a KASAN: slab-use-after-free read in btusb_disconnect().<br />
Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will<br />
free the btusb data associated with the interface. The same data is<br />
then used later in the function, hence the UAF.<br />
<br />
Fix by moving the accesses to btusb data to before the data is free&#39;d.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b
- https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550
- https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8
- https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8
- https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198
- https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d
- https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af
- https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f