CVE-2025-38304
📋 TL;DR
A NULL pointer dereference vulnerability exists in the Linux kernel's Bluetooth subsystem within the eir_get_service_data function. This vulnerability can cause kernel panics or system crashes when processing malformed Bluetooth Extended Inquiry Response (EIR) data. Systems with Bluetooth enabled and running affected Linux kernel versions are vulnerable.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when processing malformed Bluetooth packets from nearby devices.
If Mitigated
Minimal impact if Bluetooth is disabled or proper access controls prevent malicious devices from connecting.
🎯 Exploit Status
Exploitation requires sending malformed Bluetooth packets to a vulnerable system, which typically requires physical proximity or network access to Bluetooth range.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb, 497c9d2d7d3983826bb02c10fb4a5818be6550fb, 4bf29910570666e668a60d953f8da78e95bb7fa2, 7d99cc0f8e6fa0f35570887899f178122a61d44e, 842f7c3154d5b25ca11753c02ee8cf6ee64c0142)
Vendor Advisory: https://git.kernel.org/stable/c/20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb
Restart Required: Yes
Instructions:
1. Update the Linux kernel to the patched version from your distribution's repositories.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.
🔧 Temporary Workarounds
Disable Bluetooth
Completely disable Bluetooth functionality to prevent exploitation.
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth
Restrict Bluetooth Access
Configure Bluetooth to reject connections from unauthorized devices. The btmgmt block command takes the address of the remote device to block; <bdaddr> below is a placeholder.
sudo btmgmt -i hci0 block <bdaddr>
sudo hciconfig hci0 noscan   # turns off inquiry and page scan; hciconfig is deprecated in newer BlueZ releases
🧯 If You Can't Patch
- Disable Bluetooth on all affected systems immediately
- Implement network segmentation to isolate Bluetooth-enabled devices from critical systems
🔍 How to Verify
Check if Vulnerable:
Check whether Bluetooth is enabled ('systemctl status bluetooth') and whether the running kernel ('uname -r') is older than the patched version your distribution ships.
Check Version:
uname -r
Verify Fix Applied:
Verify that the kernel version after the update ('uname -r') matches the patched version and that Bluetooth still functions normally by testing connectivity.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- Bluetooth subsystem crash logs
- System reboot events without clear cause
Network Indicators:
- Unusual Bluetooth connection attempts from unknown devices
- Malformed Bluetooth packet patterns
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "NULL pointer dereference") AND "bluetooth"
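As an added example (not part of this advisory), the POSIX shell script below applies the log indicators and the SIEM query logic above to kernel log lines. The sample log lines, host name, timestamps and code offsets are constructed; only eir_get_service_data comes from the advisory.

```shell
#!/bin/sh
# Constructed sample kernel log, standing in for `dmesg` / /var/log/kern.log.
# Three lines carry the crash signature; the rest is unrelated noise.
SAMPLE_KERN_LOG='Jan 10 10:00:01 host kernel: Bluetooth: Core ver 2.22
Jan 10 10:00:02 host kernel: usb 1-1: new high-speed USB device number 3
Jan 10 10:05:17 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jan 10 10:05:17 host kernel: RIP: 0010:eir_get_service_data+0x1c/0x80 [bluetooth]
Jan 10 10:05:18 host kernel: Kernel panic - not syncing: Fatal exception in interrupt
Jan 10 10:06:00 host kernel: e1000e: eth0 NIC Link is Up'

# Constructed log with a NULL dereference that has nothing to do with Bluetooth;
# it must NOT be flagged, which is why the Bluetooth term is ANDed in below.
UNRELATED_CRASH_LOG='Jan 11 09:00:00 host kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
Jan 11 09:00:00 host kernel: RIP: 0010:some_other_driver_fn+0x10/0x40 [constructed_driver]'

# Regex for the individual log indicators listed in the advisory.
CRASH_RE='NULL pointer dereference|Kernel panic|Oops|eir_get_service_data|\[bluetooth\]'

# Print every line of the given log that matches an indicator (triage view).
bt_crash_indicators() {
    printf '%s\n' "$1" | grep -Ei "$CRASH_RE"
}

# Count indicator lines; useful as a metric for alert thresholds.
bt_crash_indicator_count() {
    printf '%s\n' "$1" | grep -Eic "$CRASH_RE"
}

# Mirror the SIEM query: succeed (exit 0) only when the log shows a crash
# (NULL deref, Oops or panic) AND a reference to the Bluetooth module or to
# eir_get_service_data, so non-Bluetooth crashes do not raise this alert.
bt_null_deref_suspected() {
    printf '%s\n' "$1" | grep -qiE 'NULL pointer dereference|Oops|Kernel panic' || return 1
    printf '%s\n' "$1" | grep -qiE 'eir_get_service_data|\[bluetooth\]' || return 1
    return 0
}

# Live wrapper for a real host: scan the current ring buffer (needs dmesg access).
scan_live_dmesg() {
    live=$(dmesg 2>/dev/null) || return 2
    if bt_null_deref_suspected "$live"; then
        echo "ALERT: Bluetooth NULL pointer dereference signature found in dmesg"
        bt_crash_indicators "$live"
        return 0
    fi
    echo "no Bluetooth crash signature in dmesg"
    return 1
}
```

Run `scan_live_dmesg` on a host to apply the same check to its real kernel log.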
🔗 References
- https://git.kernel.org/stable/c/20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb
- https://git.kernel.org/stable/c/497c9d2d7d3983826bb02c10fb4a5818be6550fb
- https://git.kernel.org/stable/c/4bf29910570666e668a60d953f8da78e95bb7fa2
- https://git.kernel.org/stable/c/7d99cc0f8e6fa0f35570887899f178122a61d44e
- https://git.kernel.org/stable/c/842f7c3154d5b25ca11753c02ee8cf6ee64c0142
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html