[SRU][N][PATCH 0/2] CVE-2025-38118
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Thu Oct 2 12:38:43 UTC 2025
https://ubuntu.com/security/CVE-2025-38118
[ Impact ]
CVE-2025-38118 is a use-after-free in the Linux kernel Bluetooth Management code,
specifically in the completion path for the MGMT operation
that removes an advertising monitor (MGMT_OP_REMOVE_ADV_MONITOR).
[ Fix ]
Backport from upstream the fix commit:
- e6ed54e86aae9 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
and a follow-up:
- 7dd38ba4acbea Bluetooth: MGMT: Fix sparse errors
[ Test Plan ]
Compile tested only.
[ Regression Potential ]
The fix affects how pending commands are managed for Bluetooth
advertising monitor removal. An issue with this patch may cause
inconsistencies in monitor state if the explicit lifetime handling in
the completion path is disrupted.
Luiz Augusto von Dentz (2):
Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
Bluetooth: MGMT: Fix sparse errors
include/net/bluetooth/hci_core.h | 1 -
net/bluetooth/hci_core.c | 4 +---
net/bluetooth/mgmt.c | 39 ++++++++++----------------------
3 files changed, 13 insertions(+), 31 deletions(-)
--
2.48.1