Linux Kernel Bluetooth Subsystem Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Bluetooth subsystem of the Linux kernel. This issue arises when clearing link keys, long-term keys, and identity-resolving keys, as the code does not properly manage memory after freeing certain data structures. The vulnerability is present in the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by clearing Bluetooth link keys, long-term keys, or identity-resolving keys in a way that the corresponding data structures are freed without proper synchronization, creating a use-after-free scenario.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Sep 18, 2025, 3:05 PM
Updated: Sep 18, 2025, 3:05 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.