CVE-2025-38128

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38128
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38128.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38128
Published
2025-07-03T08:35:33Z
Modified
2025-10-22T12:26:28.331855Z
Summary
Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands

In 'mgmt_hci_cmd_sync()', check whether the size of parameters passed in 'struct mgmt_cp_hci_cmd_sync' matches the total size of the data (i.e. 'sizeof(struct mgmt_cp_hci_cmd_sync)' plus trailing bytes). Otherwise, large invalid 'params_len' will cause 'hci_cmd_sync_alloc()' to do 'skb_put_data()' from an area beyond the one actually passed to 'mgmt_hci_cmd_sync()'.
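
The length check described above, as an added userspace C model (not the kernel's code and not the fix commit). The struct name `cp_hci_cmd_sync`, its field layout, and the helpers `validate_hci_cmd_sync()` and `check_sample()` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model; the field layout is an assumption, not copied from the page. */
struct cp_hci_cmd_sync {
    uint16_t opcode;
    uint8_t  event;
    uint8_t  timeout;
    uint16_t params_len;   /* little-endian, supplied by the caller */
    uint8_t  params[];     /* trailing bytes */
} __attribute__((packed));

#define HDR_LEN offsetof(struct cp_hci_cmd_sync, params)
#define LEN_OFF offsetof(struct cp_hci_cmd_sync, params_len)

/* Return 0 when the declared parameter size matches the bytes received. */
int validate_hci_cmd_sync(const void *data, size_t len)
{
    const uint8_t *b = data;
    uint16_t params_len;

    if (len < HDR_LEN)               /* header incomplete: params_len unreadable */
        return -1;
    params_len = (uint16_t)(b[LEN_OFF] | (b[LEN_OFF + 1] << 8));
    if (len != HDR_LEN + params_len) /* declared size != header + trailing bytes */
        return -1;
    return 0;
}

/* Build a constructed command with `trailing` parameter bytes (max 16) that
 * declares `declared` bytes, and return the validation result. */
int check_sample(uint16_t declared, size_t trailing)
{
    uint8_t buf[HDR_LEN + 16] = {0};

    if (trailing > 16)
        return -2;
    buf[LEN_OFF] = (uint8_t)(declared & 0xff);
    buf[LEN_OFF + 1] = (uint8_t)(declared >> 8);
    return validate_hci_cmd_sync(buf, HDR_LEN + trailing);
}

int main(void)
{
    printf("declared 4, received 4:      %d\n", check_sample(4, 4));
    printf("declared 0xffff, received 4: %d\n", check_sample(0xffff, 4));
    return 0;
}
```

Any consumer that later copies `params_len` bytes is only safe when it runs after this equality check, because the check ties the declared size to the bytes that were actually passed in.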

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
827af4787e74e8df9e8e0677a69fbb15e0856d2f
Fixed
9eeafd16d76a7642d12b3442a26c15cd345e12f7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
827af4787e74e8df9e8e0677a69fbb15e0856d2f
Fixed
03f1700b9b4d4f2fed3165370f3c23db76553178

Affected versions

v6.*

v6.12
v6.12-rc7
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.3