CVE-2025-38592
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to cause memory corruption and potentially crash the kernel. This affects systems with Bluetooth functionality enabled and requires local access to trigger. The vulnerability occurs when device coredump handling frees a buffer that is still being accessed.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, with potential for local privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or kernel panic causing denial of service on affected Bluetooth-enabled systems.
If Mitigated
No impact if Bluetooth is disabled or the system is patched.
🎯 Exploit Status
Exploitation requires local access and triggering specific Bluetooth coredump conditions. The vulnerability was discovered via syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 7af4d7b53502286c6cf946d397ab183e76d14820, 8c021ad797f9171d015cf0a932a3fbe5232190f5, efd55f6a59449f8d4e4953f12c177aa902b7451f
Vendor Advisory: https://git.kernel.org/stable/c/7af4d7b53502286c6cf946d397ab183e76d14820
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Check with your distribution for security updates.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Disable Bluetooth
Disable Bluetooth functionality to prevent the vulnerable code path from being triggered.
sudo systemctl stop bluetooth
sudo systemctl disable bluetooth
sudo rfkill block bluetooth
🧯 If You Can't Patch
- Disable Bluetooth functionality completely
- Implement strict access controls to prevent local users from triggering Bluetooth coredump operations
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether Bluetooth is enabled. The system is vulnerable if it runs an unpatched kernel with Bluetooth active.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel includes the fix commits listed above, or run 'uname -r' after updating and check that it reports the patched kernel version.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- KASAN reports of vmalloc-out-of-bounds errors
- Bluetooth subsystem crashes
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic logs or KASAN reports mentioning 'hci_devcd_dump', 'skb_put_data', or 'vmalloc-out-of-bounds'
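A small log-scanning example, added here and not part of the advisory, that turns the SIEM guidance above into code: it splits a dmesg-style log into KASAN reports and flags only those whose bug type and call trace match the indicators named above, so an unrelated vmalloc-out-of-bounds report is not raised as a hit. The sample log is constructed; the report layout follows the standard KASAN '=' separator, 'BUG: KASAN:' header and call-trace frame format.

```python
import re

# Indicators quoted in this advisory's Detection & Monitoring section.
INDICATOR_BUG = "vmalloc-out-of-bounds"
INDICATOR_FUNCS = {"hci_devcd_dump", "skb_put_data"}

TIMESTAMP = re.compile(r"^\[\s*[\d.]+\]\s?")  # dmesg-style "[   12.011] " prefix
HEADER = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)")
FRAME = re.compile(r"^\s*(?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SEPARATOR = "=" * 16  # KASAN brackets each report with a line of '='

def parse_kasan_reports(log_text):
    """Return one dict per KASAN report: bug type, faulting function, trace frames."""
    reports, current = [], None
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if line.startswith(SEPARATOR):
            current = None  # a separator closes any open report
            continue
        m = HEADER.search(line)
        if m:
            current = {"bug": m["bug"], "func": m["func"], "frames": []}
            reports.append(current)
        elif current is not None and (f := FRAME.match(line)):
            current["frames"].append(f["func"])
    return reports

def matches_advisory(report):
    """Bug type and call trace both line up with the CVE-2025-38592 indicators."""
    funcs = {report["func"], *report["frames"]}
    return report["bug"] == INDICATOR_BUG and bool(funcs & INDICATOR_FUNCS)

def advisory_hits(log_text):
    return [r for r in parse_kasan_reports(log_text) if matches_advisory(r)]

# Constructed sample log: one report carrying the advisory's signature and one
# unrelated vmalloc-out-of-bounds report that must not be flagged.
SAMPLE_LOG = """\
[   12.010] ==================================================================
[   12.011] BUG: KASAN: vmalloc-out-of-bounds in skb_put_data+0x4a/0x80
[   12.013] Call Trace:
[   12.014]  skb_put_data+0x4a/0x80
[   12.015]  hci_devcd_dump+0x1b3/0x260
[   12.016] ==================================================================
[   40.101] BUG: KASAN: vmalloc-out-of-bounds in memcpy+0x30/0x60
[   40.102] Call Trace:
[   40.103]  memcpy+0x30/0x60
[   40.104]  vmap_selftest_write+0x88/0xc0
[   40.105] ==================================================================
"""
```

Feed `advisory_hits` the output of `journalctl -k` or `dmesg` to apply the same filter to a live host.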