CVE-2025-40318

EPSS 0.04%

發布日:2025/12/8修改日:2026/4/28

描述

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double list_del() and "UAF". Fix this by holding cmd_sync_work_lock across both lookup and cancel, so that the entry cannot be removed concurrently.

受影響套件(2)

Debian/linuxfrom 0, < 6.1.159-1
Debian/linux-6.1from 0, < 6.1.159-1~deb11u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-40318