[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-39983":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":14,"duplicates":27,"related":28,"reserved_at":9,"published_at":29,"modified_at":30,"state":31,"summary":32,"references_raw":36,"kevs":47,"epss":48,"epss_history":51,"metrics":317,"affected":318},"CVE-2025-39983","In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue\n\nThis fixes the following UAF caused by not properly locking hdev when\nprocessing HCI_EV_NUM_COMP_PKTS:\n\nBUG: KASAN: slab-use-after-free in hci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036\nRead of size 4 at addr ffff8880740f0940 by task kworker/u11:0/54\n\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u11:0 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \u003CTASK>\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036\n hci_num_comp_pkts_evt+0x1c8/0xa50 net/bluetooth/hci_event.c:4404\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003C/TASK>\n\nAllocated by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n le_conn_complete_evt+0x3d6/0x1220 net/bluetooth/hci_event.c:5628\n hci_le_enh_conn_complete_evt+0x189/0x470 net/bluetooth/hci_event.c:5794\n hci_event_func net/bluetooth/hci_event.c:7474 [inline]\n hci_event_packet+0x78c/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n\nFreed by task 9572:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_abort_conn_sync+0x5d1/0xdf0 net/bluetooth/hci_sync.c:5689\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245",null,[],[],[],[],[15,17,19,21,23,25],{"_key":16},"RHSA-2025:21469",{"_key":18},"DEBIAN-CVE-2025-39983",{"_key":20},"RHSA-2025:22854",{"_key":22},"RHSA-2026:0271",{"_key":24},"RHSA-2026:0457",{"_key":26},"UBUNTU-CVE-2025-39983",[],[],"2025-10-15T07:56:02.752Z","2026-05-11T21:40:12.263Z","Deferred",{"cisa_kev":33,"cisa_ransomware":33,"cisa_vendor":9,"epss_severity":34,"epss_score":35,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":31},false,"low",0.00027,[37,43],{"url":38,"sources":39,"tags":42},"https://git.kernel.org/stable/c/dde33124f17cf3bab4dc5e18d1b4dee128361061",[40,41],"cve.org","nvd",[],{"url":44,"sources":45,"tags":46},"https://git.kernel.org/stable/c/2e128683176a56459cef8705fc7c35f438f88abd",[40,41],[],[],{"date":49,"score":35,"percentile":50},"2026-06-04",0.08057,[52,56,59,62,65,68,71,74,77,80,83,86,89,93,96,99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,147,150,153,156,158,161,164,167,170,173,176,179,182,185,188,191,194,197,200,202,205,208,211,214,217,220,223,225,228,231,234,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,295,298,301,304,307,310,312,315],{"date":53,"score":54,"percentile":55},"2025-11-04",0.00024,0.05223,{"date":57,"score":54,"percentile":58},"2025-11-05",0.05226,{"date":60,"score":54,"percentile":61},"2025-11-06",0.05341,{"date":63,"score":54,"percentile":64},"2025-11-07",0.05352,{"date":66,"score":54,"percentile":67},"2025-11-08",0.05344,{"date":69,"score":54,"percentile":70},"2025-11-09",0.05345,{"date":72,"score":54,"percentile":73},"2025-11-10",0.0532,{"date":75,"score":54,"percentile":76},"2025-11-11",0.05349,{"date":78,"score":54,"percentile":79},"2025-11-12",0.05362,{"date":81,"score":54,"percentile":82},"2025-11-13",0.05378,{"date":84,"score":54,"percentile":85},"2025-11-14",0.05416,{"date":87,"score":54,"percentile":88},"2025-11-15",0.05443,{"date":90,"score":91,"percentile":92},"2025-11-16",0.00026,0.06249,{"date":94,"score":91,"percentile":95},"2025-11-17",0.06239,{"date":97,"score":91,"percentile":98},"2025-11-18",0.0373,{"date":100,"score":91,"percentile":101},"2025-11-19",0.03783,{"date":103,"score":91,"percentile":104},"2025-11-20",0.0385,{"date":106,"score":91,"percentile":107},"2025-11-21",0.06359,{"date":109,"score":91,"percentile":110},"2025-11-22",0.06311,{"date":112,"score":91,"percentile":113},"2025-11-23",0.06289,{"date":115,"score":91,"percentile":116},"2025-11-24",0.06264,{"date":118,"score":91,"percentile":119},"2025-11-25",0.06253,{"date":121,"score":91,"percentile":122},"2025-11-26",0.06272,{"date":124,"score":91,"percentile":125},"2025-11-27",0.06284,{"date":127,"score":91,"percentile":128},"2025-11-28",0.06261,{"date":130,"score":91,"percentile":131},"2025-11-29",0.06306,{"date":133,"score":91,"percentile":134},"2025-11-30",0.063,{"date":136,"score":91,"percentile":137},"2025-12-01",0.06365,{"date":139,"score":91,"percentile":140},"2025-12-02",0.06379,{"date":142,"score":91,"percentile":143},"2025-12-03",0.06391,{"date":145,"score":91,"percentile":146},"2025-12-04",0.06361,{"date":148,"score":91,"percentile":149},"2025-12-05",0.06412,{"date":151,"score":91,"percentile":152},"2025-12-06",0.0642,{"date":154,"score":91,"percentile":155},"2025-12-07",0.06426,{"date":157,"score":91,"percentile":149},"2025-12-08",{"date":159,"score":91,"percentile":160},"2025-12-09",0.06469,{"date":162,"score":91,"percentile":163},"2025-12-10",0.06541,{"date":165,"score":91,"percentile":166},"2025-12-11",0.06535,{"date":168,"score":91,"percentile":169},"2025-12-12",0.06553,{"date":171,"score":91,"percentile":172},"2025-12-13",0.06584,{"date":174,"score":91,"percentile":175},"2025-12-14",0.06558,{"date":177,"score":91,"percentile":178},"2025-12-15",0.06529,{"date":180,"score":91,"percentile":181},"2025-12-16",0.0655,{"date":183,"score":91,"percentile":184},"2025-12-17",0.06638,{"date":186,"score":91,"percentile":187},"2025-12-18",0.06698,{"date":189,"score":91,"percentile":190},"2025-12-19",0.06687,{"date":192,"score":91,"percentile":193},"2025-12-20",0.06681,{"date":195,"score":91,"percentile":196},"2025-12-21",0.06671,{"date":198,"score":35,"percentile":199},"2025-12-22",0.07104,{"date":201,"score":35,"percentile":199},"2025-12-23",{"date":203,"score":35,"percentile":204},"2025-12-24",0.07125,{"date":206,"score":35,"percentile":207},"2025-12-25",0.07193,{"date":209,"score":35,"percentile":210},"2025-12-26",0.07199,{"date":212,"score":35,"percentile":213},"2025-12-27",0.07194,{"date":215,"score":35,"percentile":216},"2025-12-28",0.07196,{"date":218,"score":35,"percentile":219},"2025-12-29",0.07177,{"date":221,"score":35,"percentile":222},"2025-12-30",0.07152,{"date":224,"score":35,"percentile":216},"2025-12-31",{"date":226,"score":35,"percentile":227},"2026-01-01",0.07258,{"date":229,"score":35,"percentile":230},"2026-01-02",0.07254,{"date":232,"score":35,"percentile":233},"2026-01-03",0.07248,{"date":235,"score":35,"percentile":219},"2026-01-04",{"date":237,"score":35,"percentile":238},"2026-01-05",0.07127,{"date":240,"score":35,"percentile":241},"2026-01-06",0.0712,{"date":243,"score":35,"percentile":244},"2026-01-07",0.07144,{"date":246,"score":35,"percentile":247},"2026-01-08",0.07203,{"date":249,"score":35,"percentile":250},"2026-01-09",0.07218,{"date":252,"score":35,"percentile":253},"2026-01-10",0.07247,{"date":255,"score":35,"percentile":256},"2026-01-11",0.07233,{"date":258,"score":35,"percentile":259},"2026-01-12",0.07204,{"date":261,"score":35,"percentile":262},"2026-01-13",0.0719,{"date":264,"score":35,"percentile":265},"2026-01-14",0.07234,{"date":267,"score":35,"percentile":268},"2026-01-15",0.07241,{"date":270,"score":35,"percentile":271},"2026-01-16",0.07256,{"date":273,"score":35,"percentile":274},"2026-01-17",0.07265,{"date":276,"score":35,"percentile":277},"2026-01-18",0.07239,{"date":279,"score":35,"percentile":280},"2026-01-19",0.07207,{"date":282,"score":35,"percentile":283},"2026-01-20",0.07173,{"date":285,"score":35,"percentile":286},"2026-01-21",0.07165,{"date":288,"score":35,"percentile":289},"2026-01-22",0.07143,{"date":291,"score":35,"percentile":292},"2026-01-23",0.07201,{"date":294,"score":35,"percentile":271},"2026-01-24",{"date":296,"score":35,"percentile":297},"2026-01-25",0.07242,{"date":299,"score":35,"percentile":300},"2026-01-26",0.07226,{"date":302,"score":35,"percentile":303},"2026-01-27",0.0721,{"date":305,"score":35,"percentile":306},"2026-01-28",0.07188,{"date":308,"score":35,"percentile":309},"2026-01-29",0.07181,{"date":311,"score":35,"percentile":207},"2026-01-30",{"date":313,"score":35,"percentile":314},"2026-01-31",0.07216,{"date":316,"score":35,"percentile":253},"2026-02-01",[],[319],{"ecosystem":9,"name":320,"vendor":321,"product":321,"cpe_part":322,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":323},"Linux","linux","a",[324,331,334],{"version":325,"is_range":326,"range_type":40,"version_start":327,"version_start_type":328,"version_end":329,"version_end_type":330,"fixed_in":9},">= 134f4b39df7b77225a80ef585c15d46f964f5e6f, \u003C dde33124f17cf3bab4dc5e18d1b4dee128361061",true,"134f4b39df7b77225a80ef585c15d46f964f5e6f","including","dde33124f17cf3bab4dc5e18d1b4dee128361061","excluding",{"version":332,"is_range":326,"range_type":40,"version_start":327,"version_start_type":328,"version_end":333,"version_end_type":330,"fixed_in":9},">= 134f4b39df7b77225a80ef585c15d46f964f5e6f, \u003C 2e128683176a56459cef8705fc7c35f438f88abd","2e128683176a56459cef8705fc7c35f438f88abd",{"version":335,"is_range":33,"range_type":40,"version_start":335,"version_start_type":328,"version_end":335,"version_end_type":328,"fixed_in":9},"6.15"]