SB2025040244 - Use-after-free in Linux kernel bluetooth
Published: April 2, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025040244
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-21969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_get_ident(), l2cap_send_cmd(), l2cap_conn_del(), l2cap_conn_free(), l2cap_recv_reset() and l2cap_recv_acldata() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28
- https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d
- https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d
- https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.20