Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Bluetooth Use-After-Free Vulnerability in HCI Event Handling

Vulnerability

A use-after-free vulnerability has been identified in the Bluetooth HCI event handling of the Linux kernel. This issue arises from improper locking of the HCI device when processing the HCI_EV_NUM_COMP_PKTS event, leading to a memory management error. The vulnerability has been observed in the Linux kernel version 6.16.0-rc7.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by processing HCI_EV_NUM_COMP_PKTS events without properly locking the HCI device, allowing for a use-after-free condition in the Bluetooth connection management.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 15, 2025, 8:40 AM
Updated: Oct 15, 2025, 8:40 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.