Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's Bluetooth L2CAP implementation. The issue arises in the vhci_write function of the HCI VHCI driver, where a socket buffer (skb) is allocated but not properly freed after processing certain ACL data packets. This leak occurs when the initial fragment of a packet lacks the L2CAP length, causing the HCI core to copy the skb into the connection's rx_skb without releasing it. As a result, unreferenced objects remain in memory, leading to increased memory usage.
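The ownership mistake described above, modeled in user space as an added example (not the kernel's code and not the upstream patch). The names struct buf, struct conn, recv_start_frag and live_bufs are hypothetical stand-ins for the skb, the connection's rx_skb, the receive path and an allocation counter.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define L2CAP_LEN_SIZE 2    /* bytes in the L2CAP length field */
#define BUF_MAX 64

/* Hypothetical, simplified stand-ins for struct sk_buff and the connection. */
struct buf { unsigned char data[BUF_MAX]; size_t len; };
struct conn { struct buf *rx_skb; };
static int live_bufs;       /* buffers allocated and not yet freed */

static struct buf *buf_alloc(const void *src, size_t len)
{
    struct buf *b = len <= BUF_MAX ? calloc(1, sizeof(*b)) : NULL;
    if (!b)
        return NULL;
    memcpy(b->data, src, len);
    b->len = len;
    live_bufs++;
    return b;
}

static void buf_free(struct buf *b) { if (b) { free(b); live_bufs--; } }

/* Start fragment of an ACL frame. A fragment shorter than the length field
 * is COPIED into conn->rx_skb, so the caller still owns skb afterwards. */
static void recv_start_frag(struct conn *c, struct buf *skb, int fixed)
{
    if (skb->len < L2CAP_LEN_SIZE) {
        c->rx_skb = buf_alloc(skb->data, skb->len);
        if (!fixed)
            return;         /* leaky path: skb is never released */
    }
    buf_free(skb);          /* fixed path: release skb after the copy */
}

/* Feed one 1-byte start fragment, tear the connection down, and return
 * the number of buffers still allocated (-1 if allocation failed). */
static int leaked_after_one_fragment(int fixed)
{
    struct conn c = { 0 };
    unsigned char first_byte = 0x08;    /* constructed sample input */
    struct buf *skb;
    live_bufs = 0;
    if (!(skb = buf_alloc(&first_byte, 1)))
        return -1;
    recv_start_frag(&c, skb, fixed);
    buf_free(c.rx_skb);     /* connection teardown frees only rx_skb */
    return live_bufs;
}
int main(void) { printf("leaky=%d fixed=%d\n", leaked_after_one_fragment(0), leaked_after_one_fragment(1)); return 0; }
```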
Exploitation of this vulnerability causes a memory leak, where allocated memory is not released, potentially leading to increased memory consumption and degradation of system performance over time.
Users can apply the latest patches available in the Linux kernel Git repository to address this vulnerability.