{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-40141","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.171Z","datePublished":"2025-11-12T10:23:24.856Z","dateUpdated":"2026-05-11T21:43:33.082Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:43:33.082Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix possible UAF on iso_conn_free\n\nThis attempt to fix similar issue to sco_conn_free where if the\nconn->sk is not set to NULL may lead to UAF on iso_conn_free."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/iso.c"],"versions":[{"version":"ccf74f2390d60a2f9a75ef496d2564abb478f46a","lessThan":"eba6d787ec117a5d2c60f9644e0a39c18542b6be","status":"affected","versionType":"git"},{"version":"ccf74f2390d60a2f9a75ef496d2564abb478f46a","lessThan":"5319145a07d8bf5b0782b25cb3115825689d42bb","status":"affected","versionType":"git"},{"version":"ccf74f2390d60a2f9a75ef496d2564abb478f46a","lessThan":"80689777919f02328eb873769de4647c9dd3e371","status":"affected","versionType":"git"},{"version":"ccf74f2390d60a2f9a75ef496d2564abb478f46a","lessThan":"c92ad1a155ccfa38b87bd1d998287e1c0a24248d","status":"affected","versionType":"git"},{"version":"ccf74f2390d60a2f9a75ef496d2564abb478f46a","lessThan":"9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/bluetooth/iso.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.1.156","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.112","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.53","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.3","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.112"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.12.53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.17.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/eba6d787ec117a5d2c60f9644e0a39c18542b6be"},{"url":"https://git.kernel.org/stable/c/5319145a07d8bf5b0782b25cb3115825689d42bb"},{"url":"https://git.kernel.org/stable/c/80689777919f02328eb873769de4647c9dd3e371"},{"url":"https://git.kernel.org/stable/c/c92ad1a155ccfa38b87bd1d998287e1c0a24248d"},{"url":"https://git.kernel.org/stable/c/9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8"}],"title":"Bluetooth: ISO: Fix possible UAF on iso_conn_free","x_generator":{"engine":"bippy-1.2.0"}}}}