| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025071013-CVE-2025-38304-d021@gregkh> Date: Thu, 10 Jul 2025 09:42:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38304: Bluetooth: Fix NULL pointer deference on eir_get_service_data From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix NULL pointer deference on eir_get_service_data The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIR_SERVICE_DATA. The Linux kernel CVE team has assigned CVE-2025-38304 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 8f9ae5b3ae80f168a6224529e3787f4fb27f299a and fixed in 6.1.142 with commit 497c9d2d7d3983826bb02c10fb4a5818be6550fb Issue introduced in 5.19 with commit 8f9ae5b3ae80f168a6224529e3787f4fb27f299a and fixed in 6.6.94 with commit 4bf29910570666e668a60d953f8da78e95bb7fa2 Issue introduced in 5.19 with commit 8f9ae5b3ae80f168a6224529e3787f4fb27f299a and fixed in 6.12.34 with commit 842f7c3154d5b25ca11753c02ee8cf6ee64c0142 Issue introduced in 5.19 with commit 8f9ae5b3ae80f168a6224529e3787f4fb27f299a and fixed in 6.15.3 with commit 7d99cc0f8e6fa0f35570887899f178122a61d44e Issue introduced in 5.19 with commit 8f9ae5b3ae80f168a6224529e3787f4fb27f299a and fixed in 6.16-rc2 with commit 20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38304 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/bluetooth/eir.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/497c9d2d7d3983826bb02c10fb4a5818be6550fb https://git.kernel.org/stable/c/4bf29910570666e668a60d953f8da78e95bb7fa2 https://git.kernel.org/stable/c/842f7c3154d5b25ca11753c02ee8cf6ee64c0142 https://git.kernel.org/stable/c/7d99cc0f8e6fa0f35570887899f178122a61d44e https://git.kernel.org/stable/c/20a2aa01f5aeb6daad9aeaa7c33dd512c58d81eb
Powered by blists - more mailing lists