Linux Kernel Bluetooth Mediatek btusb Interface Claiming Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Bluetooth subsystem, specifically within the Mediatek btusb driver, has been addressed. The issue arose because the usb_driver_claim_interface() function was called without the necessary device lock, leading to errors such as 'Failed to claim iso interface' and, in some cases, a NULL pointer dereference. This vulnerability was resolved by adding the appropriate locks to ensure the interface could be claimed safely.

Impact

The vulnerability could lead to improper handling of USB interface claims, causing interface management errors and potential NULL pointer dereferences.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.