CVE-2025-39981
Bluetooth: MGMT: Fix possible UAFs
References
Notes
carnil> Introduced in cf75ad8b41d2 ("Bluetooth: hci_sync: Convert MGMT_SET_POWERED")
carnil> 2bd1b237616b ("Bluetooth: hci_sync: Convert MGMT_OP_SET_DISCOVERABLE to use
carnil> cmd_sync")
carnil> f056a65783cc ("Bluetooth: hci_sync: Convert MGMT_OP_SET_CONNECTABLE to use
carnil> cmd_sync")
carnil> 3244845c6307 ("Bluetooth: hci_sync: Convert MGMT_OP_SSP")
carnil> d81a494c43df ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LE")
carnil> b338d91703fa ("Bluetooth: Implement support for Mesh")
carnil> 6f6ff38a1e14 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME")
carnil> 71efbb08b538 ("Bluetooth: hci_sync: Convert MGMT_OP_SET_PHY_CONFIGURATION")
carnil> b747a83690c8 ("Bluetooth: hci_sync: Refactor add Adv Monitor")
carnil> abfeea476c68 ("Bluetooth: hci_sync: Convert MGMT_OP_START_DISCOVERY")
carnil> 26ac4c56f03f ("Bluetooth: hci_sync: Convert MGMT_OP_SET_ADVERTISING").
carnil> Vulnerable versions: 5.17.
Bugs
Status
| Branch |
Status |
| upstream |
released (6.17) [302a1f674c00dd5581ab8e493ef44767c5101aab]
|
| 6.18-upstream-stable |
N/A "Fixed before branching point"
|
| 6.17-upstream-stable |
N/A "Fixed before branching point"
|
| 6.16-upstream-stable |
released (6.16.10) [87a1f16f07c6c43771754075e08f45b41d237421]
|
| 6.12-upstream-stable |
released (6.12.59) [d71b98f253b079cbadc83266383f26fe7e9e103b]
|
| 6.6-upstream-stable |
needed
|
| 6.1-upstream-stable |
needed
|
| 5.10-upstream-stable |
N/A "Vulnerable code not present"
|
| sid |
released (6.16.10-1)
|
| 6.12-trixie-security |
released (6.12.63-1)
|
| 6.1-bookworm-security |
needed
|
| 5.10-bullseye-security |
N/A "Vulnerable code not present"
|
