CVE-2025-38315
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38315
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38315.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38315
- Downstream
- Related
- Published
- 2025-07-10T08:15:30Z
- Modified
- 2025-07-10T16:00:21Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btintel: Check dsbr size from EFI variable
Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also fail. This fixes a stack buffer overflow when the EFI variable is larger than struct btinteldsbr.
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source