Vulnerability Lookup

🛡️ CVE-2025-40308

⚪ Unknown ✅ No Known Exploit NVD

N/A

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f] RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590 Call Trace: hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627 tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290 tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH.

Details

Severity Unknown

CVSS Score N/A

CVSS Vector N/A

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2025-12-08

Updated 2026-06-02

Modified 2026-04-16

Fix URL N/A

Affected Packages

Software	From version	Fixed in
kernel	6.13.0	6.17.8
unknown	—	—

References

WEB https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b

WEB https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a

WEB https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc

WEB https://git.kernel.org/stable/c/799cd62cbcc3f12ee04b33ef390ff7d41c37d671

WEB https://git.kernel.org/stable/c/8b892dbef3887dbe9afdc7176d1a5fd90e1636aa

WEB https://git.kernel.org/stable/c/b420a4c7f915fc1c94ad1f6ca740acc046d94334

WEB https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7c574bd16798e9c9

WEB https://git.kernel.org/stable/c/ca94b2b036c22556c3a66f1b80f490882deef7a6

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40308.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-40308

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

🔗 NVD 🔗 Mitre

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Site Security Check

Concerned your site may already be targeted?

BotEraser analyzes incoming traffic patterns and helps identify bot behavior consistent with known exploit attempts.

Check My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Concerned your site may already be targeted?

Company

Resources

Services

Trusted

Subscribe