github - ghsa-rr62-6cpm-ww8h

ghsa-rr62-6cpm-ww8h

Vulnerability from github

Published

2025-11-12 12:30

Modified

2025-11-12 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix possible UAF on iso_conn_free

This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40141"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-12T11:15:43Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix possible UAF on iso_conn_free\n\nThis attempt to fix similar issue to sco_conn_free where if the\nconn-\u003esk is not set to NULL may lead to UAF on iso_conn_free.",
  "id": "GHSA-rr62-6cpm-ww8h",
  "modified": "2025-11-12T12:30:27Z",
  "published": "2025-11-12T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40141"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb3115825689d42bb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80689777919f02328eb873769de4647c9dd3e371"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c92ad1a155ccfa38b87bd1d998287e1c0a24248d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644e0a39c18542b6be"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40141 (GCVE-0-2025-40141)

Vulnerability from cvelistv5

Published

2025-11-12 10:23

Modified

2025-11-12 10:23

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free.

References

URL

Tags

	https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644e0a39c18542b6be
	https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb3115825689d42bb
	https://git.kernel.org/stable/c/80689777919f02328eb873769de4647c9dd3e371
	https://git.kernel.org/stable/c/c92ad1a155ccfa38b87bd1d998287e1c0a24248d
	https://git.kernel.org/stable/c/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8

Impacted products

Vendor

Product

Version

Version: ccf74f2390d60a2f9a75ef496d2564abb478f46a
Version: ccf74f2390d60a2f9a75ef496d2564abb478f46a
Version: ccf74f2390d60a2f9a75ef496d2564abb478f46a
Version: ccf74f2390d60a2f9a75ef496d2564abb478f46a
Version: ccf74f2390d60a2f9a75ef496d2564abb478f46a

Version: 6.0

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "eba6d787ec117a5d2c60f9644e0a39c18542b6be",
              "status": "affected",
              "version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
              "versionType": "git"
            },
            {
              "lessThan": "5319145a07d8bf5b0782b25cb3115825689d42bb",
              "status": "affected",
              "version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
              "versionType": "git"
            },
            {
              "lessThan": "80689777919f02328eb873769de4647c9dd3e371",
              "status": "affected",
              "version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
              "versionType": "git"
            },
            {
              "lessThan": "c92ad1a155ccfa38b87bd1d998287e1c0a24248d",
              "status": "affected",
              "version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
              "versionType": "git"
            },
            {
              "lessThan": "9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8",
              "status": "affected",
              "version": "ccf74f2390d60a2f9a75ef496d2564abb478f46a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/iso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.156",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.112",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.53",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix possible UAF on iso_conn_free\n\nThis attempt to fix similar issue to sco_conn_free where if the\nconn-\u003esk is not set to NULL may lead to UAF on iso_conn_free."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-12T10:23:24.856Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644e0a39c18542b6be"
        },
        {
          "url": "https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb3115825689d42bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/80689777919f02328eb873769de4647c9dd3e371"
        },
        {
          "url": "https://git.kernel.org/stable/c/c92ad1a155ccfa38b87bd1d998287e1c0a24248d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8"
        }
      ],
      "title": "Bluetooth: ISO: Fix possible UAF on iso_conn_free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40141",
    "datePublished": "2025-11-12T10:23:24.856Z",
    "dateReserved": "2025-04-16T07:20:57.171Z",
    "dateUpdated": "2025-11-12T10:23:24.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.