Linux Kernel Bluetooth NULL Pointer Dereference Vulnerability in btbcm_get_board_name()

Vulnerability

A vulnerability in the Linux kernel's Bluetooth component, specifically within the btbcm module, has been addressed. The issue arose because the function devm_kstrdup() could return a NULL pointer on failure, but this potential NULL value was not checked in btbcm_get_board_name(). As a result, the function could inadvertently cause a kernel NULL pointer dereference. The vulnerability has been resolved by adding a NULL check in btbcm_get_board_name() to prevent this error.

Impact

Exploitation of this vulnerability could lead to a kernel NULL pointer dereference, causing a system crash or instability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth NULL Pointer Dereference Vulnerability in btbcm_get_board_name()

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating