Linux Kernel Bluetooth Command Queuing Vulnerability During HCI Unregistration

Vulnerability

A vulnerability in the Linux kernel's Bluetooth implementation has been addressed. The issue arose in the command synchronization queue when the HCI_UNREGISTER flag was set. This flag indicates that the Bluetooth device had been unregistered, and failing to properly handle this could lead to a use-after-free error after a timeout, as the associated device structure would have been freed.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth Command Queuing Vulnerability During HCI Unregistration

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating