CVE-2025-39861
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: vhci: Prevent use-after-free by removing debugfs files early
Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_release(), before associated data structures are freed.
Previously, debugfs files such as "force_suspend", "force_wakeup", and others were created under hdev->debugfs but not removed in vhci_release(). Since vhci_release() frees the backing vhci_data structure, any access to these files after release would result in use-after-free errors.
Although hdev->debugfs is later freed in hci_release_dev(), user can access files after vhci_data is freed but before hdev->debugfs is released.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.4 | 6.6.105 |
| linux / linux_kernel | 6.7 | 6.12.46 |
| linux / linux_kernel | 6.13 | 6.16.6 |
| linux / linux_kernel | 6.17-rc1 | 6.17-rc1.x |
| linux / linux_kernel | 6.17-rc2 | 6.17-rc2.x |
| linux / linux_kernel | 6.17-rc3 | 6.17-rc3.x |
| linux / linux_kernel | 6.17-rc4 | 6.17-rc4.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime