Linux Kernel Bluetooth Interface Release Vulnerability in Mediatek USB Drivers

Vulnerability

A vulnerability in the Linux kernel's Bluetooth subsystem, specifically within the Mediatek USB driver, has been addressed. The Mediatek driver did not release the USB interface it uses for ISO data transmission before unregistering the Bluetooth HCI device during a USB disconnect. As a result, removing the Bluetooth USB dongle could cause a kernel panic, because the system attempted to unregister the HCI device while the interface was still unreleased.

Impact

If the USB interface is not released before the HCI device is unregistered, disconnecting the Bluetooth dongle can cause a kernel panic during HCI device unregistration, potentially leading to a system crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.