CVE-2025-38118
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's Bluetooth management subsystem. It allows attackers with local access to potentially crash the kernel or execute arbitrary code by exploiting improper memory handling during advertisement monitor removal. Systems running vulnerable Linux kernel versions with Bluetooth enabled are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, allowing complete system compromise.
Likely Case
Kernel crash causing system instability or denial of service, requiring reboot to restore functionality.
If Mitigated
Limited to denial of service if exploit attempts are blocked by security controls or if Bluetooth is disabled.
🎯 Exploit Status
Exploitation requires local access and knowledge of Bluetooth management operations. The KASAN report suggests the vulnerability is reliably triggerable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 32aa2fbe319f33b0318ec6f4fceb63879771a286, 3c9aba9cbdf163e2654be9f82d43ff8a04273962, 9df3e5e7f7e4653fd9802878cedc36defc5ef42d, 9f66b6531c2b4e996bb61720ee94adb4b2e8d1be, e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c
Vendor Advisory: https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check your distribution's security advisories for backported patches.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable Bluetooth
Completely disable Bluetooth functionality to prevent exploitation
systemctl stop bluetooth
systemctl disable bluetooth
rfkill block bluetooth
Restrict Bluetooth access
Use kernel module blacklisting to prevent the Bluetooth modules from being loaded automatically (a blacklist entry only stops autoloading; an explicit modprobe would still load the module). update-initramfs is the Debian/Ubuntu tool; other distributions regenerate the initramfs with dracut or mkinitcpio.
echo 'blacklist btusb' >> /etc/modprobe.d/blacklist-bluetooth.conf
echo 'blacklist bluetooth' >> /etc/modprobe.d/blacklist-bluetooth.conf
update-initramfs -u
🧯 If You Can't Patch
- Disable Bluetooth functionality entirely using system controls
- Implement strict access controls to prevent unauthorized local users from accessing Bluetooth management interfaces
🔍 How to Verify
Check if Vulnerable:
Check whether Bluetooth is enabled and the kernel version is vulnerable:
lsmod | grep -i bluetooth && uname -r
Check Version:
uname -r
Verify Fix Applied:
Compare the output of uname -r with your distribution's security advisory to confirm the running kernel includes the fix commits.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- KASAN reports of use-after-free in mgmt_remove_adv_monitor_complete
- Bluetooth subsystem crashes
Network Indicators:
- Unusual Bluetooth management traffic from local processes
SIEM Query:
source="kernel" AND ("KASAN" OR "use-after-free" OR "mgmt_remove_adv_monitor")
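As an added example (not from the advisory or from the kernel project), the following POSIX shell script turns the "How to Verify" and "Detection & Monitoring" steps above into functions that run offline against constructed lsmod and kern.log samples. The module names and the mgmt_remove_adv_monitor_complete symbol come from this page; all module sizes, addresses, offsets, timestamps and the unrelated function name are made up.

```shell
#!/bin/sh
# Added example, not part of the advisory: offline checks that mirror the
# verification and detection steps. Input is passed as text so the same
# functions work on saved "lsmod" / "dmesg" output from a real host.

# Constructed lsmod-style output (module names are real, sizes are made up).
SAMPLE_LSMOD='Module                  Size  Used by
btusb                  65536  0
bluetooth             917504  5 btusb
xhci_hcd              327680  0'
SAMPLE_LSMOD_CLEAN='Module                  Size  Used by
xhci_hcd              327680  0'

# Constructed kern.log lines; the KASAN line follows the shape of a real
# slab-use-after-free report, but every address, offset and time is made up.
SAMPLE_LOG='Jun 10 12:00:01 host kernel: Bluetooth: hci0: MGMT ver 1.22
Jun 10 12:00:05 host kernel: BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0x1a0/0x2b0
Jun 10 12:00:05 host kernel: Read of size 8 at addr ffff888012345678 by task kworker/u9:0/42
Jun 10 12:00:07 host kernel: usb 1-1: new full-speed USB device number 3 using xhci_hcd
Jun 10 12:01:11 host kernel: BUG: KASAN: use-after-free in unrelated_driver_fn+0x10/0x20'

# Exposure check: is the bluetooth core or btusb module loaded? (exit 0 = loaded)
bluetooth_loaded() {
    printf '%s\n' "$1" | grep -q -E '^(bluetooth|btusb)[[:space:]]'
}

# Broad triage, equivalent to the page's SIEM query: kernel lines mentioning
# KASAN, a use-after-free, or the affected mgmt function. Prints the count.
count_kasan_hits() {
    printf '%s\n' "$1" | grep -c -E 'kernel:.*(KASAN|use-after-free|mgmt_remove_adv_monitor)' || true
}

# Narrow match for this CVE only: a use-after-free whose faulting function is
# mgmt_remove_adv_monitor_complete, so unrelated KASAN noise is not counted.
count_cve_hits() {
    printf '%s\n' "$1" | grep -c -E 'use-after-free in mgmt_remove_adv_monitor_complete' || true
}

if bluetooth_loaded "$SAMPLE_LSMOD"; then
    echo "bluetooth/btusb loaded: host is exposed until patched or Bluetooth is disabled"
fi
echo "broad KASAN/UAF hits: $(count_kasan_hits "$SAMPLE_LOG")"          # 2 on the sample
echo "CVE-2025-38118 signature hits: $(count_cve_hits "$SAMPLE_LOG")"   # 1 on the sample
```

On a live host, replace the sample variables with `"$(lsmod)"` and `"$(dmesg)"` (or the contents of /var/log/kern.log); a non-zero narrow count on an unpatched kernel is the strongest indicator this page lists.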
🔗 References
- https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286
- https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962
- https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d
- https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be
- https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html