[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-39982":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":21,"related":22,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":34,"epss":9,"epss_history":35,"metrics":36,"affected":37},"DEBIAN-CVE-2025-39982","In the Linux kernel, the following vulnerability has been resolved:  Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync  This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, also since this also can happen with the likes of hci_le_create_conn_sync fix it as well:  BUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861 Write of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541  CPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Workqueue: hci3 hci_cmd_sync_work Call Trace:  \u003CTASK>  dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120  print_address_description mm/kasan/report.c:378 [inline]  print_report+0xca/0x230 mm/kasan/report.c:480  kasan_report+0x118/0x150 mm/kasan/report.c:593  hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861  hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332  process_one_work kernel/workqueue.c:3238 [inline]  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402  kthread+0x70e/0x8a0 kernel/kthread.c:464  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148  ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245  \u003C/TASK>  Allocated by task 123736:  kasan_save_stack mm/kasan/common.c:47 [inline]  kasan_save_track+0x3e/0x80 mm/kasan/common.c:68  poison_kmalloc_redzone mm/kasan/common.c:377 [inline]  __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394  kasan_kmalloc include/linux/kasan.h:260 [inline]  __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359  kmalloc_noprof include/linux/slab.h:905 [inline]  kzalloc_noprof include/linux/slab.h:1039 [inline]  __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939  hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]  hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634  pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556  hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719  hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839  sock_sendmsg_nosec net/socket.c:712 [inline]  __sock_sendmsg+0x219/0x270 net/socket.c:727  sock_write_iter+0x258/0x330 net/socket.c:1131  new_sync_write fs/read_write.c:593 [inline]  vfs_write+0x54b/0xa90 fs/read_write.c:686  ksys_write+0x145/0x250 fs/read_write.c:738  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]  do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94  entry_SYSCALL_64_after_hwframe+0x77/0x7f  Freed by task 103680:  kasan_save_stack mm/kasan/common.c:47 [inline]  kasan_save_track+0x3e/0x80 mm/kasan/common.c:68  kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576  poison_slab_object mm/kasan/common.c:247 [inline]  __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264  kasan_slab_free include/linux/kasan.h:233 [inline]  slab_free_hook mm/slub.c:2381 [inline]  slab_free mm/slub.c:4643 [inline]  kfree+0x18e/0x440 mm/slub.c:4842  device_release+0x9c/0x1c0  kobject_cleanup lib/kobject.c:689 [inline]  kobject_release lib/kobject.c:720 [inline]  kref_put include/linux/kref.h:65 [inline]  kobject_put+0x22b/0x480 lib/kobject.c:737  hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]  hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173  hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199  hci_event_func net/bluetooth/hci_event.c:7477 [inline]  hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531  hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070  process_one_work kernel/workqueue.c:3238 [inline]  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402  kthread+0x70e/0x8a0 kernel/kthread.c:464  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148  ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour ---truncated---",null,[],[],[],[14],{"_key":15},"CVE-2025-39982",[17,19],{"_key":18},"DLA-4379-1",{"_key":20},"DSA-6053-1",[],[],"2025-10-15T08:15:36.153Z","2026-04-28T20:30:24.730402Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28],{"url":29,"sources":30,"tags":32},"https://security-tracker.debian.org/tracker/CVE-2025-39982",[31],"osv_debian",[33],"Advisory",[],[],[],[38,56],{"ecosystem":39,"name":40,"vendor":41,"product":40,"cpe_part":9,"purl_type":42,"purl_namespace":41,"purl_name":40,"source":9,"versions":43},"Debian","linux","debian","deb",[44,50,53],{"version":45,"is_range":46,"range_type":47,"version_start":9,"version_start_type":9,"version_end":48,"version_end_type":49,"fixed_in":9},"lt6_1_158_1",true,"ecosystem","6.1.158-1","excluding",{"version":51,"is_range":46,"range_type":47,"version_start":9,"version_start_type":9,"version_end":52,"version_end_type":49,"fixed_in":9},"lt6_12_57_1","6.12.57-1",{"version":54,"is_range":46,"range_type":47,"version_start":9,"version_start_type":9,"version_end":55,"version_end_type":49,"fixed_in":9},"lt6_16_10_1","6.16.10-1",{"ecosystem":39,"name":57,"vendor":41,"product":57,"cpe_part":9,"purl_type":42,"purl_namespace":41,"purl_name":57,"source":9,"versions":58},"linux-6.1",[59],{"version":60,"is_range":46,"range_type":47,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":49,"fixed_in":9},"lt6_1_158_1~deb11u1","6.1.158-1~deb11u1"]