VDB

DEBIAN-CVE-2025-40284

DEBIAN-CVE-2025-40284 PUBLISHED CVSS 9.300000190734863 CRITICAL

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like other MGMT timers. Should fix the BUG: sporadically seen by BlueZ test bot (in "Mesh - Send cancel - 1" test). Log: ------ BUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0 ... Freed by task 36: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_save_free_info+0x3a/0x60 __kasan_slab_free+0x43/0x70 kfree+0x103/0x500 device_release+0x9a/0x210 kobject_put+0x100/0x1e0 vhci_release+0x18b/0x240 ------

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.63-1, 6.12.57-1
Debian:11linux-6.16.1.158-1~deb11u1, 6.1.153-1~deb11u1, 6.1.137-1~deb11u1
Debian:14linux6.16~rc7-1~exp1, 6.17.6-1, 6.17.7-1
Debian:12linux6.1.140-1, 6.1.147-1, 6.1.148-1

Exploit Intelligence

Timeline

  • Dec 6, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›