Home

CVE-2025-40284

Description

In the Linux kernel, the following vulnerability has been resolved:Bluetooth: MGMT: cancel mesh send timer when hdev removedmesh_send_done timer is not canceled when hdev is removed, which causescrash if the timer triggers after hdev is gone.Cancel the timer when MGMT removes the hdev, like other MGMT timers.Should fix the BUG: sporadically seen by BlueZ test bot(in Mesh - Send cancel - 1 test).Log:------BUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0...Freed by task 36: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_save_free_info+0x3a/0x60 __kasan_slab_free+0x43/0x70 kfree+0x103/0x500 device_release+0x9a/0x210 kobject_put+0x100/0x1e0 vhci_release+0x18b/0x240------

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.039

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234