Vulnerability Database

314,496

Total vulnerabilities in the database

CVE-2025-40318

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once

hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the same entry, leading to double list_del() and "UAF".

Fix this by holding cmd_sync_work_lock across both lookup and cancel, so that the entry cannot be removed concurrently.

Published: Dec 8, 2025
Updated: Dec 9, 2025
CVE: CVE-2025-40318
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://git.kernel.org/stable/c/09b0cd1297b4dbfe736aeaa0ceeab2265f47f772
https://git.kernel.org/stable/c/0a94f7e017438935c09ef833a1aa908ad9875213
https://git.kernel.org/stable/c/932c0a4f77ac13e526fdd5b42914d29c9821d389
https://git.kernel.org/stable/c/9cd536970192b72257afcdfba0bfc09993e6f19c
https://git.kernel.org/stable/c/ae76cf6c2c842944c6514c57df54d728f1916553

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo