CVE-2025-40283 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free the btusb data associated with the interface. The same data is then used later in the function, hence the UAF. Fix by moving the accesses to btusb data to before the data is free'd.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b
https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550
https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8
https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8
https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198
https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d
https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af
https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f

History

Sat, 06 Dec 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free the btusb data associated with the interface. The same data is then used later in the function, hence the UAF. Fix by moving the accesses to btusb data to before the data is free'd.
Title		Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550 https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8 https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8 https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198 https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-06T21:51:07.409Z

Updated: 2025-12-06T21:51:07.409Z

Reserved: 2025-04-16T07:20:57.184Z

Link: CVE-2025-40283

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-06T22:15:56.393

Modified: 2025-12-06T22:15:56.393

Link: CVE-2025-40283

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object