VDB

DEBIAN-CVE-2025-40318

DEBIAN-CVE-2025-40318 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double list_del() and "UAF". Fix this by holding cmd_sync_work_lock across both lookup and cancel, so that the entry cannot be removed concurrently.

Affected Products

VendorProductVersions
Debian:12linux0, 6.1.106-1, 6.1.106-2
Debian:14linux6.15.2-1, 6.15.3-1, 6.15.4-1
Debian:13linux0, 6.12.38-1, 6.12.43-1
Debian:11linux-6.1*, 0, 6.1.106-3~deb11u2

Exploit Intelligence

Timeline

  • Dec 8, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›