VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Jul 10, 2025· Updated Apr 11, 2026

CVE-2025-38303

CVE-2025-38303

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: eir: Fix possible crashes on eir_create_adv_data

eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER without checking if that would fit.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, eir_create_adv_data in Bluetooth EIR may crash due to missing size checks when adding EIR_FLAGS and EIR_TX_POWER.

Vulnerability

The Bluetooth Extended Inquiry Response (EIR) subsystem in the Linux kernel contains a flaw in the eir_create_adv_data function. This function may attempt to add EIR_FLAGS and EIR_TX_POWER data types without first verifying that there is sufficient space in the buffer. If the buffer is too small, this can lead to a memory corruption or a crash.

Exploitation

An attacker could potentially trigger this vulnerability by crafting a malicious Bluetooth advertisement that forces the system to construct an EIR response with insufficient buffer capacity. The attack requires the ability to send Bluetooth advertisements to a vulnerable device, which may be possible from a nearby unauthenticated device.

Impact

Successful exploitation could cause a denial of service (system crash) on the target. The CVSS v3 score of 5.5 (Medium) reflects the potential for local or adjacent network attacks to cause a crash, but not arbitrary code execution.

Mitigation

Patches are available in the Linux kernel stable repository (commits [1] and [2]). Users should update to a kernel version containing these fixes to prevent the crash.

[1]: https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f [2]: https://git.kernel.org/stable/c/2d4588f55cc10fc228f3b46469dbfb3f0a8b13c8

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=5.16,<6.12.34
    • cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
    • (no CPE)

Patches

3
2af40d795d3f
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
b9db0c27e73b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
47c03902269a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.