VYPR
Unrated severityNVD Advisory· Published Dec 6, 2025· Updated Apr 15, 2026

CVE-2025-40283

CVE-2025-40283

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF

There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free the btusb data associated with the interface. The same data is then used later in the function, hence the UAF.

Fix by moving the accesses to btusb data to before the data is free'd.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

112

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.