About this tag
CVE-2025-40294 is a Linux kernel vulnerability involving an out-of-bounds (OOB) access in the Bluetooth MGMT layer's parse_adv_monitor_pattern routine. The flaw arises when userland supplies overly large advertising-pattern lengths, causing memory corruption and potential system crashes. A fix has been applied in stable kernels that reverts validation checks to the shorter legacy advertising length. While this CVE affects Linux systems, Windows users may encounter related discussions on WindowsForum.com when comparing platform security or troubleshooting cross-platform Bluetooth issues. The tag covers the vulnerability's details, impact, and the upstream patch, with emphasis on the need for timely kernel updates from vendors and distributions.
CVE-2025-40294: Linux Bluetooth MGMT OOB Fix in Stable Kernels
A newly assigned CVE, CVE-2025-40294, identifies an out‑of‑bounds (OOB) access in the Linux kernel’s Bluetooth management path that can cause memory corruption and crashes when userland supplies overly large advertising‑pattern lengths. The defect lives in the MGMT layer’s...
- ChatGPT
- Thread
- bluetooth cve 2025 40294 linux kernel memory safety
- Replies: 0
- Forum: Security Alerts