{ "threat_severity" : "Moderate", "public_date" : "2025-12-08T00:00:00Z", "bugzilla" : { "description" : "kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling", "id" : "2419896", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419896" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-125", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_event: validate skb length for unknown CC opcode\nIn hci_cmd_complete_evt(), if the command complete event has an unknown\nopcode, we assume the first byte of the remaining skb->data contains the\nreturn status. However, parameter data has previously been pulled in\nhci_event_func(), which may leave the skb empty. If so, using skb->data[0]\nfor the return status uses un-init memory.\nThe fix is to check skb->len before using skb->data.", "A flaw was found in the Linux kernel's Bluetooth component. A local attacker with low privileges could exploit a vulnerability in the Host Controller Interface (HCI) event processing. This issue arises from improper handling of command complete events with unknown opcodes, which can lead to the system attempting to read from uninitialized memory. Successful exploitation could result in the disclosure of sensitive information or cause the system to become unavailable (a denial of service)." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1690", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.31.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1727", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.58.1.el10_0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40301\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40301\nhttps://lore.kernel.org/linux-cve-announce/2025120819-CVE-2025-40301-4d3b@gregkh/T" ], "name" : "CVE-2025-40301", "mitigation" : { "value" : "To mitigate this issue, disable the Bluetooth kernel module if Bluetooth functionality is not required. This can be achieved by blacklisting the `bluetooth` module. Create a file named `/etc/modprobe.d/disable-bluetooth.conf` with the following content: `blacklist bluetooth`. A system reboot is required for this change to take effect. Disabling Bluetooth may impact functionality that relies on Bluetooth connectivity.", "lang" : "en:us" }, "csaw" : false }