fkie_cve-2025-38128
Vulnerability from fkie_nvd
Published
2025-07-03 09:15
Modified
2025-07-03 15:13
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands In 'mgmt_hci_cmd_sync()', check whether the size of parameters passed in 'struct mgmt_cp_hci_cmd_sync' matches the total size of the data (i.e. 'sizeof(struct mgmt_cp_hci_cmd_sync)' plus trailing bytes). Otherwise, large invalid 'params_len' will cause 'hci_cmd_sync_alloc()' to do 'skb_put_data()' from an area beyond the one actually passed to 'mgmt_hci_cmd_sync()'.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/03f1700b9b4d4f2fed3165370f3c23db76553178
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9eeafd16d76a7642d12b3442a26c15cd345e12f7
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: reject malformed HCI_CMD_SYNC commands\n\nIn \u0027mgmt_hci_cmd_sync()\u0027, check whether the size of parameters passed\nin \u0027struct mgmt_cp_hci_cmd_sync\u0027 matches the total size of the data\n(i.e. \u0027sizeof(struct mgmt_cp_hci_cmd_sync)\u0027 plus trailing bytes).\nOtherwise, large invalid \u0027params_len\u0027 will cause \u0027hci_cmd_sync_alloc()\u0027\nto do \u0027skb_put_data()\u0027 from an area beyond the one actually passed to\n\u0027mgmt_hci_cmd_sync()\u0027."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: MGMT: rechazar comandos HCI_CMD_SYNC malformados En \u0027mgmt_hci_cmd_sync()\u0027, verifique si el tama\u00f1o de los par\u00e1metros pasados en \u0027struct mgmt_cp_hci_cmd_sync\u0027 coincide con el tama\u00f1o total de los datos (es decir, \u0027sizeof(struct mgmt_cp_hci_cmd_sync)\u0027 m\u00e1s los bytes finales). De lo contrario, un \u0027params_len\u0027 grande y no v\u00e1lido har\u00e1 que \u0027hci_cmd_sync_alloc()\u0027 haga \u0027skb_put_data()\u0027 desde un \u00e1rea m\u00e1s all\u00e1 de la que realmente se pas\u00f3 a \u0027mgmt_hci_cmd_sync()\u0027."
    }
  ],
  "id": "CVE-2025-38128",
  "lastModified": "2025-07-03T15:13:53.147",
  "metrics": {},
  "published": "2025-07-03T09:15:27.043",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/03f1700b9b4d4f2fed3165370f3c23db76553178"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9eeafd16d76a7642d12b3442a26c15cd345e12f7"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.