CVE-2025-38315

Bluetooth: btintel: Check dsbr size from EFI variable

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just
start there instead of querying the EFI variable size. If the final
result doesn't match what we expect also fail. This fixes a stack buffer
overflow when the EFI variable is larger than struct btintel_dsbr.

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also fail. This fixes a stack buffer overflow when the EFI variable is larger than struct btintel_dsbr.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-10 CVE Published
2025-07-10 CVE Updated
2025-07-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/eb9e749c0182affafadfbe5ded4503c4b5a9b57c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9427f6081f37c795a8bd29d0ee72a4da3bd64af8	2025-06-19
https://git.kernel.org/stable/c/7b8526bb489780ccc0caffc446ecabec83cfe568	2025-06-19
https://git.kernel.org/stable/c/3aa1dc3c9060e335e82e9c182bf3d1db29220b1b	2025-05-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.15.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.15.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.16-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.16-rc1"		en		Affected