Linux Kernel Bluetooth Command Handling Vulnerability Allowing Buffer Overwrite

Vulnerability

A vulnerability in the Linux kernel's Bluetooth management layer has been addressed. The issue arose in the 'mgmt_hci_cmd_sync()' function, where the size of parameters in 'struct mgmt_cp_hci_cmd_sync' was not properly validated against the expected total size. This oversight allowed for large, malformed 'params_len' values to cause 'hci_cmd_sync_alloc()' to write data beyond the allocated buffer, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability could result in a buffer overwrite, causing memory corruption.

Added: Jul 3, 2025, 10:43 AM

Updated: Jul 3, 2025, 10:43 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Bluetooth Command Handling Vulnerability Allowing Buffer Overwrite

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating