VYPR
Unrated severity · NVD Advisory · Published Dec 8, 2025 · Updated Apr 15, 2026

CVE-2025-40318

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once

hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double list_del() and "UAF".

Fix this by holding cmd_sync_work_lock across both lookup and cancel, so that the entry cannot be removed concurrently.
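
The interleaving named in the description, replayed deterministically in one thread as an added example (this is not the kernel patch or code from this page). All struct and function names are hypothetical, the lock is modelled as a flag, and a second unlink of the same entry is counted instead of executed.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct entry { int id; bool linked; struct entry *next; };
struct queue { struct entry *head; bool locked; int double_del; };

static struct entry *lookup(struct queue *q, int id) {
    for (struct entry *e = q->head; e; e = e->next)
        if (e->id == id) return e;
    return NULL;
}
/* Unlink e; a second unlink of the same entry is counted, not performed. */
static void del_entry(struct queue *q, struct entry *e) {
    if (!e->linked) { q->double_del++; return; }
    for (struct entry **pp = &q->head; *pp; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; break; }
    e->linked = false;
}
/* Stand-in for the work item: it can only run while the lock is free. */
static void worker_step(struct queue *q) {
    if (q->locked) return;
    q->locked = true;
    if (q->head) del_entry(q, q->head);
    q->locked = false;
}
/* hold_lock=false: lookup and cancel in two lock sections; true: in one. */
static bool dequeue_once(struct queue *q, int id, bool hold_lock) {
    q->locked = true;
    struct entry *e = lookup(q, id);
    if (!hold_lock) q->locked = false;  /* window opens */
    worker_step(q);                     /* other context scheduled here */
    q->locked = true;
    if (e) del_entry(q, e);             /* e may already be unlinked */
    q->locked = false;
    return e != NULL;
}
/* Replays one interleaving; returns how many double deletions occurred. */
static int replay(bool hold_lock) {
    struct entry e = { .id = 7, .linked = true, .next = NULL };
    struct queue q = { .head = &e, .locked = false, .double_del = 0 };
    dequeue_once(&q, 7, hold_lock);
    worker_step(&q);                    /* worker runs once lock is free */
    return q.double_del;
}
int main(void) {
    printf("two sections: %d, one section: %d\n", replay(false), replay(true));
    return 0;
}
```

With two lock sections the worker unlinks the entry inside the window and the cancel path then acts on a stale pointer; with one section the worker is held off until the entry is already gone from the list.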

Affected products

179

References

5
