CVE-2025-40301

Published: Dec 8, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However, parameter data has previously been pulled in hci_event_func(), which may leave the skb empty. If so, using skb->data[0] for the return status uses un-init memory. The fix is to check skb->len before using skb->data.

Vendor	Product	Versions
Linux	Linux	affected `afcb3369f46ed5dc883a7b92f2dd1e264d79d388 - < fea895de78d3bb2f0c09db9f10b18f8121b15759` affected `afcb3369f46ed5dc883a7b92f2dd1e264d79d388 - < 779f83a91d4f1bf5ddfeaf528420cbb6dbf03fa8` affected `afcb3369f46ed5dc883a7b92f2dd1e264d79d388 - < cf2c2acec1cf456c3d11c11a7589e886a0f963a9` affected `afcb3369f46ed5dc883a7b92f2dd1e264d79d388 - < 1a0ddaaf97405dbd11d4cb5a961a3f82400e8a50` affected `afcb3369f46ed5dc883a7b92f2dd1e264d79d388 - < 5c5f1f64681cc889d9b13e4a61285e9e029d6ab5`
Linux	Linux	affected `6.1` unaffected `0 - < 6.1` unaffected `6.1.159 - <= 6.1.` unaffected `6.6.117 - <= 6.6.` unaffected `6.12.58 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/fea895de78d3bb2f0c09db9f10b18f8121b15759

https://git.kernel.org/stable/c/779f83a91d4f1bf5ddfeaf528420cbb6dbf03fa8

https://git.kernel.org/stable/c/cf2c2acec1cf456c3d11c11a7589e886a0f963a9

https://git.kernel.org/stable/c/1a0ddaaf97405dbd11d4cb5a961a3f82400e8a50

https://git.kernel.org/stable/c/5c5f1f64681cc889d9b13e4a61285e9e029d6ab5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-40301

Description

Affected Products

References