Linux Kernel Bluetooth btsdio Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Bluetooth btsdio component of the Linux kernel. This issue arises from a race condition in the btsdio_remove function, where the hdev variable can be freed while still in use by btsdio_work. The vulnerability occurs in versions of the Linux kernel that include this flawed btsdio implementation.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth btsdio Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating