Security tracker / CVE-2025-40213

CVE-2025-40213

Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 302a1f674c00d ("Bluetooth: MGMT: Fix possible UAFs"). Vulnerable
 carnil> versions: 6.12.59 6.16.10 6.17.

Bugs

Status

Branch	Status
upstream	released (6.18-rc4) [e8785404de06a69d89dcdd1e9a0b6ea42dc6d327]
7.0-upstream-stable	N/A "Fixed before branching point"
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	released (6.17.8) [1c9aca1787e8395a2c59fef20e914467958969c5]
6.12-upstream-stable	N/A "Vulnerable code not present"
6.6-upstream-stable	needed
6.1-upstream-stable	N/A "Vulnerable code not present"
5.10-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.17.8-1)
6.12-trixie-security	N/A "Vulnerable code not present"
6.1-bookworm-security	N/A "Vulnerable code not present"
5.10-bullseye-security	N/A "Vulnerable code not present"