Linux Kernel Bluetooth Connection Handling Vulnerability Leading to Memory Corruption

Vulnerability

A vulnerability in the Linux kernel's Bluetooth implementation has been addressed. The issue arose when multiple connection complete events were received for the same handle, causing the device to be registered multiple times. This duplication led to memory corruption. To resolve this, events for a single connection are now ignored if they are received multiple times. Additionally, a new handle identifier, HCI_CONN_HANDLE_UNSET, has been introduced to recognize new connections, and checks have been added to ensure events do not contain invalid handles.
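As an added illustration (not the kernel's code and not part of this advisory), the C model below contrasts the unpatched handling, which re-registers the connection object on every repeated Connection Complete event, with the patched checks that reject an invalid handle and ignore a second event for a connection whose handle is already set. The constant values are assumptions modelled on the 12-bit HCI handle range (maximum 0x0eff) and an out-of-range sentinel; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <errno.h>

/* Assumed constants: an HCI connection handle is 12 bits wide, so 0x0eff is
 * the largest valid value, and an out-of-range sentinel marks a connection
 * that has not yet been assigned a handle by the controller. */
#define HCI_CONN_HANDLE_MAX   0x0eff
#define HCI_CONN_HANDLE_UNSET 0xffff

struct hci_conn {
    uint16_t handle;          /* HCI_CONN_HANDLE_UNSET until an event assigns one */
    unsigned int registered;  /* times the device object was registered; >1 is the bug */
};

static void hci_conn_init(struct hci_conn *conn)
{
    conn->handle = HCI_CONN_HANDLE_UNSET;
    conn->registered = 0;
}

/* Simplified stand-in for the device registration that the bug ran twice. */
static void hci_conn_register(struct hci_conn *conn)
{
    conn->registered++;
}

/* Unpatched behaviour: every Connection Complete event for the handle is
 * accepted and the connection object is registered again. */
static int conn_complete_unpatched(struct hci_conn *conn, uint16_t handle)
{
    conn->handle = handle;
    hci_conn_register(conn);
    return 0;
}

/* Patched behaviour: drop events carrying a handle outside the valid range,
 * and ignore an event for a connection that already has its handle set. */
static int conn_complete_patched(struct hci_conn *conn, uint16_t handle)
{
    if (handle > HCI_CONN_HANDLE_MAX)
        return -EINVAL;   /* malformed event: invalid handle, nothing touched */
    if (conn->handle != HCI_CONN_HANDLE_UNSET)
        return -EEXIST;   /* duplicate event: connection already registered */
    conn->handle = handle;
    hci_conn_register(conn);
    return 0;
}
```

The duplicate path returns a distinct error so a logging hook can count repeated events per handle, which is the signal a defender would watch for here.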

Impact

The vulnerability could lead to memory corruption due to improper handling of Bluetooth connection events.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.