Linux Kernel Bluetooth NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Bluetooth subsystem can lead to a NULL pointer dereference. The issue arises in the 'hci_connect_sco' and 'hci_connect_cis' functions, which return NULL when no link is available. This allows the NULL value to be passed to subsequent functions, where it is dereferenced, causing a crash. The vulnerability was reported by syzkaller.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: Dec 24, 2025, 12:32 PM
Updated: Dec 24, 2025, 12:32 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 1.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.