CVE-2025-40141

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix possible UAF on iso_conn_free

This attempts to fix an issue similar to the one in sco_conn_free, where conn->sk not being set to NULL may lead to a UAF on iso_conn_free.

References

https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644e0a39c18542b6be

https://git.kernel.org/stable/c/c92ad1a155ccfa38b87bd1d998287e1c0a24248d

https://git.kernel.org/stable/c/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8

https://git.kernel.org/stable/c/80689777919f02328eb873769de4647c9dd3e371

https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb3115825689d42bb

Details

Source: Mitre, NVD

Published: 2025-11-12

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018