CVE-2025-38303

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: eir: Fix possible crashes on eir_create_adv_data

eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER without checking if that would fit.

References

https://git.kernel.org/stable/c/b9db0c27e73b7c8a19384a44af527edfda74ff3d

https://git.kernel.org/stable/c/47c03902269aff377f959dc3fd94a9733aa31d6e

https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f

Details

Source: Mitre, NVD

Published: 2025-07-10

Updated: 2025-07-10

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017