VYPR
Unrated severityNVD Advisory· Published Nov 24, 2025· Updated Apr 15, 2026

CVE-2025-40213

CVE-2025-40213

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array.

Another crash is in set_mesh_complete() due to double list_del via mgmt_pending_valid + mgmt_pending_remove.

Use DEFINE_FLEX to declare the flexible array right, and don't memcpy outside bounds.

As mgmt_pending_valid removes the cmd from list, use mgmt_pending_free, and also report status on error.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

63

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.