Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been addressed in the Linux kernel's Bluetooth ISO connection management. If the connection's socket pointer is not properly cleared, a use-after-free condition may result when the connection is freed. The vulnerability is present in the Bluetooth ISO socket type, which was introduced in a previous commit.
The use-after-free condition may be exploited to execute arbitrary code or to cause a denial of service by crashing the system.
The vulnerability can be reproduced by creating a Bluetooth ISO connection and not properly clearing the connection's socket pointer before the connection is freed. This can be done by manipulating the connection management to leave the socket pointer set, which will then be improperly handled when the connection is closed, leading to a use-after-free condition.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.