CVE-2025-40213: Linux Kernel Bluetooth Management Vulnerability Patched

Overview

CVE-2025-40213 identifies a recently resolved vulnerability in the Linux kernel’s Bluetooth management (MGMT) subsystem. The flaw lies in the set_mesh_sync and set_mesh_complete functions and can lead to a kernel crash: a stack-out-of-bounds write and a double list deletion were identified and subsequently fixed.

Technical Details

The vulnerability manifests in two primary ways:

  • Stack-out-of-bounds write in set_mesh_sync: a memcpy in set_mesh_sync copied into an on-stack structure whose flexible array was declared incorrectly. Because the declaration reserved no room for the array’s elements, the copy wrote beyond the object on the stack, which KASAN (Kernel Address Sanitizer) reported as a stack-out-of-bounds write and which ultimately crashes the kernel.
  • Double list deletion in set_mesh_complete: set_mesh_complete called both mgmt_pending_valid and mgmt_pending_remove, which together attempt to remove the same command from the pending list twice. Removing the same entry twice leads to a crash.
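
The first bullet describes a bug class that is easy to reproduce outside the kernel: a flexible array member contributes no bytes to sizeof(), so a bare struct declared on the stack has nothing behind its trailing array. The example below is added here and is not the kernel's code; struct mesh_cmd, its field names, DEFINE_FLEX_LOCAL and copy_ad_types are all constructed for illustration (DEFINE_FLEX_LOCAL imitates the idea of the kernel's DEFINE_FLEX macro for a standalone userspace build). It contrasts the bare-struct shape, where a bounded copy refuses because the capacity is zero, with storage reserved up front, where the same copy lands safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a management command that ends in a flexible
 * array. Field names are hypothetical; the real kernel structure is not
 * reproduced here. Two uint16_t fields give sizeof == 4 with no trailing
 * padding, so the array truly has no backing store in a bare struct. */
struct mesh_cmd {
    uint16_t window;
    uint16_t period;
    uint8_t ad_types[];   /* flexible array member */
};

/* Bytes of real storage behind ad_types in a bare `struct mesh_cmd`:
 * sizeof() excludes the flexible member, so this is 0. */
size_t bare_flex_capacity(void)
{
    return sizeof(struct mesh_cmd) - offsetof(struct mesh_cmd, ad_types);
}

/* Userspace imitation of the kernel's DEFINE_FLEX(TYPE, NAME, MEMBER, COUNT):
 * a union whose byte array reserves COUNT trailing elements, so the struct
 * view has stack memory behind its flexible array. The kernel macro is the
 * real fix; this one only reproduces the idea for a standalone build. */
#define DEFINE_FLEX_LOCAL(TYPE, NAME, MEMBER, COUNT)                       \
    union {                                                                 \
        TYPE obj;                                                           \
        unsigned char raw[sizeof(TYPE) +                                    \
                          sizeof(((TYPE *)0)->MEMBER[0]) * (COUNT)];        \
    } NAME##_storage = {{0}};                                               \
    TYPE *NAME = &NAME##_storage.obj

/* Bounded copy into the flexible array: refuses any request larger than the
 * caller's declared capacity instead of writing past the object.
 * Returns bytes copied, or -1 when refused. */
int copy_ad_types(struct mesh_cmd *dst, size_t capacity,
                  const uint8_t *src, size_t n)
{
    if (n > capacity)
        return -1;
    memcpy(dst->ad_types, src, n);
    return (int)n;
}

/* Safe shape: four elements reserved up front, the copy lands inside them.
 * Returns 1 when the copied bytes are intact in the reserved storage. */
int demo_reserved_storage(void)
{
    static const uint8_t wanted[4] = {0x03, 0x16, 0xff, 0x09}; /* constructed sample */
    DEFINE_FLEX_LOCAL(struct mesh_cmd, cmd, ad_types, 4);
    int copied = copy_ad_types(cmd, 4, wanted, sizeof wanted);
    return copied == 4 && memcmp(cmd->ad_types, wanted, 4) == 0;
}

/* Vulnerable shape: a bare struct on the stack. Capacity is 0, so the bounded
 * copy refuses (-1) where an unchecked memcpy would have written past the
 * object, which is what KASAN reported in the kernel. */
int demo_bare_struct_refused(void)
{
    struct mesh_cmd local = {0, 0};
    const uint8_t one = 0x03;
    return copy_ad_types(&local, bare_flex_capacity(), &one, 1);
}

int main(void)
{
    printf("bare capacity: %zu bytes\n", bare_flex_capacity());
    printf("reserved copy ok: %d\n", demo_reserved_storage());
    printf("bare copy result: %d\n", demo_bare_struct_refused());
    return 0;
}
```

The point to take from bare_flex_capacity() is that the compiler gives no warning for the bare declaration; the missing storage only shows up at runtime, which is why a sanitizer such as KASAN is what caught it in the kernel.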

The fixes implemented address these issues by:

  • Using the DEFINE_FLEX macro to declare the on-stack flexible array in set_mesh_sync with the storage it needs, preventing the out-of-bounds write.
  • Replacing mgmt_pending_valid with mgmt_pending_free so that the command is removed from the pending list only once.
  • Reporting the operation’s status to the caller on error paths.
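
To make the double-deletion issue from the Technical Details concrete, and to show the property the second fix restores (each pending entry is unlinked exactly once), here is a small added example that is not the kernel's code. It uses a constructed intrusive doubly linked list shaped like a kernel list_head, with arbitrary poison values standing in for the kernel's list poisoning: the unguarded unlink is correct once but follows poison pointers on a second call, while the guarded path reports the entry as already removed and leaves the list intact.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive doubly linked list, constructed for this example to
 * mirror the shape of a kernel list_head; it is not the kernel's code. */
struct node {
    struct node *prev, *next;
};

/* Sentinel values written into an unlinked node so that any later use is
 * detectable, in the spirit of kernel list poisoning. Values are arbitrary. */
#define POISON_PREV ((struct node *)0x100)
#define POISON_NEXT ((struct node *)0x200)

static void list_init(struct node *head)
{
    head->prev = head->next = head;
}

static void list_add_tail(struct node *head, struct node *n)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* Unguarded unlink. Correct once; a second call on the same node follows
 * n->prev and n->next, which now hold the poison pointers, and writes
 * through them. That is the double-deletion crash pattern. */
static void list_del_unguarded(struct node *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->prev = POISON_PREV;
    n->next = POISON_NEXT;
}

/* True once a node has been taken off its list. */
static int is_unlinked(const struct node *n)
{
    return n->prev == POISON_PREV && n->next == POISON_NEXT;
}

/* Idempotent removal: refuses to touch a node that is already unlinked.
 * Returns 1 when it removed the node, 0 when it was already gone. The kernel
 * fix instead makes a single call responsible for the removal; this guard
 * shows the property both approaches must satisfy. */
static int pending_remove_once(struct node *n)
{
    if (is_unlinked(n))
        return 0;
    list_del_unguarded(n);
    return 1;
}

static size_t list_len(const struct node *head)
{
    size_t count = 0;
    for (const struct node *p = head->next; p != head; p = p->next)
        count++;
    return count;
}

/* Scenario: three pending commands, the middle one removed twice through the
 * guarded path. Returns the surviving list length (2); the second removal is
 * refused rather than corrupting the neighbours. */
size_t demo_double_remove_guarded(void)
{
    struct node head, a, b, c;
    list_init(&head);
    list_add_tail(&head, &a);
    list_add_tail(&head, &b);
    list_add_tail(&head, &c);
    pending_remove_once(&b);
    pending_remove_once(&b);
    return list_len(&head);
}

/* Returns what the second removal reports: 0, meaning "already unlinked". */
int demo_second_remove_refused(void)
{
    struct node head, cmd;
    list_init(&head);
    list_add_tail(&head, &cmd);
    pending_remove_once(&cmd);
    return pending_remove_once(&cmd);
}

int main(void)
{
    printf("remaining after guarded double remove: %zu\n",
           demo_double_remove_guarded());
    printf("second remove returned: %d\n", demo_second_remove_refused());
    return 0;
}
```

Calling list_del_unguarded() twice on the same node is deliberately not executed here, since it would dereference the poison pointers; in the kernel the same mistake is what turns a double removal into a crash rather than a silent no-op.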

CVSS Analysis

Currently, a CVSS score has not been assigned to CVE-2025-40213. Further analysis is required to determine the exploitability and impact in order to assign a proper CVSS score.

Possible Impact

The exploitation of this vulnerability can lead to a kernel crash, resulting in a denial-of-service (DoS) condition. A successful attack could potentially disrupt Bluetooth functionality and system stability. While the specific exploitability remains under investigation, the potential for system instability makes patching crucial. A malicious Bluetooth device or application could potentially trigger the vulnerable code path.

Mitigation and Patch Steps

The recommended mitigation is to update your Linux kernel to a version that includes the fix for CVE-2025-40213. Consult your Linux distribution’s security advisories for specific instructions on how to update your kernel. The fixes are included in stable kernel releases following the commits referenced below.

Steps to apply the patch (if manually patching):

  1. Identify the impacted kernel version.
  2. Obtain the patch files from the provided references.
  3. Apply the patches to your kernel source code.
  4. Recompile and install the patched kernel.
  5. Reboot your system to boot into the patched kernel.

References

Disclaimer: This information is for educational purposes only. Always consult official security advisories for accurate and up-to-date information.
