CVE-2025-38099

Опубликовано: 03 июл. 2025

Источник: redhat

CVSS3: 5.5

Описание

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up.

A flaw was found in the Linux kernel's Bluetooth functionality. A local attacker could exploit this vulnerability by establishing a Synchronous Connection-Oriented (SCO) connection, a type of Bluetooth link for time-sensitive data like voice, with an improper voice setting. This improper setting can cause the Bluetooth controller to lock up, leading to a denial of service (DoS) for the affected system, making it unresponsive to Bluetooth commands.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Out of support scope
Red Hat Enterprise Linux 7	kernel	Under investigation
Red Hat Enterprise Linux 7	kernel-rt	Under investigation
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-1287

https://bugzilla.redhat.com/show_bug.cgi?id=2376062kernel: Linux kernel Bluetooth: Denial of Service via improper SCO voice setting

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-38099

CVSS3: 5.5

ubuntu

9 месяцев назад

CVE-2025-38099

CVSS3: 5.5

nvd

9 месяцев назад

CVE-2025-38099

msrc

4 месяца назад

Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken

CVE-2025-38099

CVSS3: 5.5

debian

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: B ...

GHSA-vhpc-7gpg-vmp3

CVSS3: 5.5

github

9 месяцев назад

5.5 Medium

CVSS3