SB2025040270 - NULL pointer dereference in Linux kernel bluetooth
Published: April 2, 2025 Updated: May 11, 2025
Security Bulletin ID
SB2025040270
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2025-21937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mgmt_remote_name() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/37785a01040cb5d11ed0ddbcbf78491fcd073161
- https://git.kernel.org/stable/c/69fb168b88e4d62cb31cdd725b67ccc5216cfcaf
- https://git.kernel.org/stable/c/88310caff68ae69d0574859f7926a59c1da2d60b
- https://git.kernel.org/stable/c/c5845c73cbacf5704169283ef29ca02031a36564
- https://git.kernel.org/stable/c/f2176a07e7b19f73e05c805cf3d130a2999154cb
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83