CVE-2025-39861

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: vhci: Prevent use-after-free by removing debugfs files early<br /> <br /> Move the creation of debugfs files into a dedicated function, and ensure<br /> they are explicitly removed during vhci_release(), before associated<br /> data structures are freed.<br /> <br /> Previously, debugfs files such as "force_suspend", "force_wakeup", and<br /> others were created under hdev-&gt;debugfs but not removed in<br /> vhci_release(). Since vhci_release() frees the backing vhci_data<br /> structure, any access to these files after release would result in<br /> use-after-free errors.<br /> <br /> Although hdev-&gt;debugfs is later freed in hci_release_dev(), user can<br /> access files after vhci_data is freed but before hdev-&gt;debugfs is<br /> released.