[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2025-39983":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":33},"DEBIAN-CVE-2025-39983","In the Linux kernel, the following vulnerability has been resolved:  Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue  This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS:  BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036 Read of size 4 at addr ffff8880740f0940 by task kworker/u11:0/54  CPU: 1 UID: 0 PID: 54 Comm: kworker/u11:0 Not tainted 6.16.0-rc7 #3 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Workqueue: hci1 hci_rx_work Call Trace:  \u003CTASK>  dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120  print_address_description mm/kasan/report.c:378 [inline]  print_report+0xca/0x230 mm/kasan/report.c:480  kasan_report+0x118/0x150 mm/kasan/report.c:593  hci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036  hci_num_comp_pkts_evt+0x1c8/0xa50 net/bluetooth/hci_event.c:4404  hci_event_func net/bluetooth/hci_event.c:7477 [inline]  hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531  hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070  process_one_work kernel/workqueue.c:3238 [inline]  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402  kthread+0x70e/0x8a0 kernel/kthread.c:464  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148  ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245  \u003C/TASK>  Allocated by task 54:  kasan_save_stack mm/kasan/common.c:47 [inline]  kasan_save_track+0x3e/0x80 mm/kasan/common.c:68  poison_kmalloc_redzone mm/kasan/common.c:377 [inline]  __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394  kasan_kmalloc include/linux/kasan.h:260 [inline]  __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359  kmalloc_noprof include/linux/slab.h:905 [inline]  kzalloc_noprof include/linux/slab.h:1039 [inline]  __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939  le_conn_complete_evt+0x3d6/0x1220 net/bluetooth/hci_event.c:5628  hci_le_enh_conn_complete_evt+0x189/0x470 net/bluetooth/hci_event.c:5794  hci_event_func net/bluetooth/hci_event.c:7474 [inline]  hci_event_packet+0x78c/0x1200 net/bluetooth/hci_event.c:7531  hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070  process_one_work kernel/workqueue.c:3238 [inline]  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402  kthread+0x70e/0x8a0 kernel/kthread.c:464  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148  ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245  Freed by task 9572:  kasan_save_stack mm/kasan/common.c:47 [inline]  kasan_save_track+0x3e/0x80 mm/kasan/common.c:68  kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576  poison_slab_object mm/kasan/common.c:247 [inline]  __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264  kasan_slab_free include/linux/kasan.h:233 [inline]  slab_free_hook mm/slub.c:2381 [inline]  slab_free mm/slub.c:4643 [inline]  kfree+0x18e/0x440 mm/slub.c:4842  device_release+0x9c/0x1c0  kobject_cleanup lib/kobject.c:689 [inline]  kobject_release lib/kobject.c:720 [inline]  kref_put include/linux/kref.h:65 [inline]  kobject_put+0x22b/0x480 lib/kobject.c:737  hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]  hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173  hci_abort_conn_sync+0x5d1/0xdf0 net/bluetooth/hci_sync.c:5689  hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332  process_one_work kernel/workqueue.c:3238 [inline]  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402  kthread+0x70e/0x8a0 kernel/kthread.c:464  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148  ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245",null,[],[],[],[14],{"_key":15},"CVE-2025-39983",[],[],[],"2025-10-15T08:15:36.280Z","2026-04-28T20:30:24.722284Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2025-39983",[27],"osv_debian",[29],"Advisory",[],[],[],[34],{"ecosystem":35,"name":36,"vendor":37,"product":36,"cpe_part":9,"purl_type":38,"purl_namespace":37,"purl_name":36,"source":9,"versions":39},"Debian","linux","debian","deb",[40],{"version":41,"is_range":42,"range_type":43,"version_start":9,"version_start_type":9,"version_end":44,"version_end_type":45,"fixed_in":9},"lt6_16_10_1",true,"ecosystem","6.16.10-1","excluding"]