SB20250502245 - Use of uninitialized resource in Linux kernel bluetooth driver
Published: May 2, 2025 Updated: May 10, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2025-23139)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the hci_uart_dequeue(), hci_uart_tx_wakeup(), hci_uart_send_frame(), hci_uart_tty_wakeup(), hci_uart_tty_receive() and hci_uart_set_proto() functions in drivers/bluetooth/hci_ldisc.c. A local user can trigger this condition to perform a denial of service (DoS) attack.
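The following is an added, constructed illustration of the vulnerability class named above (a driver entry point that uses a protocol object before the function that initializes it has completed). It is not the kernel's code and does not reproduce the fix in the referenced commits: struct model_uart, model_proto, PROTO_READY, set_proto(), tx_wakeup_unchecked() and tx_wakeup_checked() are all assumed names for a single-threaded user-space model. It contrasts an entry point that trusts the pointer with one that tests a readiness flag first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a line-discipline driver object: NOT the kernel's
 * struct hci_uart. Field names, flag bit and helper names are assumptions. */
#define PROTO_READY (1u << 0)

struct model_proto {
    const char *name;
    int (*dequeue)(void);             /* returns 1 if a frame was sent */
};

struct model_uart {
    unsigned int flags;
    const struct model_proto *proto;  /* NULL until set_proto() completes */
    int frames_sent;
};

static int dummy_dequeue(void) { return 1; }

static const struct model_proto dummy_proto = { "dummy", dummy_dequeue };

/* Unsafe pattern: a wakeup/receive path assumes proto is already set.
 * If the tty layer calls it before set_proto() has run, proto is NULL
 * (or stale) and the dereference is the "use of uninitialized resource". */
int tx_wakeup_unchecked(struct model_uart *hu)
{
    return hu->proto->dequeue();      /* NULL dereference when not yet initialised */
}

/* Defensive pattern: every entry point reachable from the tty layer tests a
 * readiness flag that is set only after proto (and everything it owns) is
 * fully initialised, and returns without touching proto otherwise. */
int tx_wakeup_checked(struct model_uart *hu)
{
    if (!(hu->flags & PROTO_READY))
        return -1;                    /* not ready: drop the wakeup safely */
    hu->frames_sent += hu->proto->dequeue();
    return 0;
}

void uart_init(struct model_uart *hu)
{
    memset(hu, 0, sizeof(*hu));       /* flags cleared, proto NULL */
}

/* set_proto(): publish the pointer first, then the readiness flag. In a real
 * driver this ordering also needs the proper barriers/atomic bit operations;
 * this model is single-threaded, so plain stores are enough. */
void set_proto(struct model_uart *hu, const struct model_proto *p)
{
    hu->proto = p;
    hu->flags |= PROTO_READY;
}

/* Scenario: a wakeup arrives both before and after set_proto(). Returns the
 * number of frames the checked path sent (1: the early wakeup is dropped). */
int run_scenario(void)
{
    struct model_uart hu;
    uart_init(&hu);
    int early = tx_wakeup_checked(&hu);   /* -1: dropped, nothing dereferenced */
    set_proto(&hu, &dummy_proto);
    int late = tx_wakeup_checked(&hu);    /* 0: frame dequeued */
    return (early == -1 && late == 0) ? hu.frames_sent : -99;
}

int main(void)
{
    printf("frames sent by checked path: %d\n", run_scenario());
    /* tx_wakeup_unchecked() on a freshly initialised object would crash;
     * it is defined only to show the pattern and is deliberately not called. */
    return 0;
}
```

The point of the model is where the check lives: the readiness test must be present in every entry point the tty layer can invoke independently of the initialization path, since those callbacks run whenever the line discipline is attached, not only after the protocol has been selected.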
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02e1bcdfdf769974e7e9fa285e295cd9852e2a38
- https://git.kernel.org/stable/c/1dcf08fcff5ca529de6dc0395091f28854f4e54a
- https://git.kernel.org/stable/c/281782d2c6730241e300d630bb9f200d831ede71
- https://git.kernel.org/stable/c/5df5dafc171b90d0b8d51547a82657cd5a1986c7
- https://git.kernel.org/stable/c/80f14e9de6a43a0bd8194cad1003a3e6dcbc3984
- https://git.kernel.org/stable/c/8e5aff600539e5faea294d9612cca50220e602b8
- https://git.kernel.org/stable/c/9e5a0f5777162e503400c70c6ed25fbbe2d38799
- https://git.kernel.org/stable/c/a40f94f7caa8d3421b64f63ac31bc0f24c890f39
- https://git.kernel.org/stable/c/db7509fa110dd9b11134b75894677f30353b2c51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3