Linux Kernel Bluetooth NULL Pointer Dereference Vulnerability in btrtl Component

Vulnerability

A vulnerability in the Linux kernel's Bluetooth btrtl component can lead to a NULL pointer dereference. The issue arises in the btrtl_initialize() function, where the rtl_load_file() function's error handling is inadequate. If rtl_load_file() loads a file of zero length, the error code is not properly set, creating a situation where an error pointer is passed instead of NULL. This flaw, detected by the static analysis tool Smatch, can result in a NULL pointer dereference, potentially causing a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth NULL Pointer Dereference Vulnerability in btrtl Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating