CVE

DEBIAN-CVE-2025-71082

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c f...

Back to all

CVE

DEBIAN-CVE-2025-71082

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devmkzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devmkzalloc in btusb.c file"). In btusbprobe(), we use devmkzalloc() to allocate the btusb data. This ties the lifetime of all the btusb data to the binding of a driver to one interface, INTF. In a driver that binds to other interfaces, ISOC and DIAG, this is an accident waiting to happen. The issue is revealed in btusbdisconnect(), where calling usbdriverreleaseinterface(&btusb_driver, data->intf) will have devm free the data that is also being used by the other interfaces of the driver that may not be released yet. To fix this, revert the use of devm and go back to freeing memory explicitly.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2025-71082

Severity

7.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.8

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

6.1.162-1,6.12.69-1,6.18.5-1,6.1.162-1~deb11u1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

DEBIAN-CVE-2025-71082

DEBIAN-CVE-2025-71082

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.8

Basic Information

Fix Critical Vulnerabilities Instantly