CVE-2025-71082

{"id": "CVE-2025-71082", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-71082", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-06-10T20:41:23.595912Z"}}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "affected": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "affectedData": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "fff9206b0907252a41eb12b7c1407b9347df18b1", "versionType": "git"}, {"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "cca0e9206e3bcc63cd3e72193e60149165d493cc", "versionType": "git"}, {"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "c0ecb3e4451fe94f4315e6d09c4046dfbc42090b", "versionType": "git"}, {"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "1e54c19eaf84ba652c4e376571093e58e144b339", "versionType": "git"}, {"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "fdf7c640fb8a44a59b0671143d8c2f738bc48003", "versionType": "git"}, {"status": "affected", "version": "98921dbd00c4e2e4bdd56423cb5edf98d57b45f7", "lessThan": "252714f1e8bdd542025b16321c790458014d6880", "versionType": "git"}], "programFiles": ["drivers/bluetooth/btusb.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.7"}, {"status": "unaffected", "version": "0", "lessThan": "3.7", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.198", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.160", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.120", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.12.64", "versionType": "semver", "lessThanOrEqual": "6.12.*"}, {"status": "unaffected", "version": "6.18.4", "versionType": "semver", "lessThanOrEqual": "6.18.*"}, {"status": "unaffected", "version": "6.19", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/bluetooth/btusb.c"], "defaultStatus": "affected"}]}], "published": "2026-01-13T16:16:07.780", "references": [{"url": "https://git.kernel.org/stable/c/1e54c19eaf84ba652c4e376571093e58e144b339", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/252714f1e8bdd542025b16321c790458014d6880", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c0ecb3e4451fe94f4315e6d09c4046dfbc42090b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cca0e9206e3bcc63cd3e72193e60149165d493cc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fdf7c640fb8a44a59b0671143d8c2f738bc48003", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fff9206b0907252a41eb12b7c1407b9347df18b1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: revert use of devm_kzalloc in btusb\n\nThis reverts commit 98921dbd00c4e (\"Bluetooth: Use devm_kzalloc in\nbtusb.c file\").\n\nIn btusb_probe(), we use devm_kzalloc() to allocate the btusb data. This\nties the lifetime of all the btusb data to the binding of a driver to\none interface, INTF. In a driver that binds to other interfaces, ISOC\nand DIAG, this is an accident waiting to happen.\n\nThe issue is revealed in btusb_disconnect(), where calling\nusb_driver_release_interface(&btusb_driver, data->intf) will have devm\nfree the data that is also being used by the other interfaces of the\ndriver that may not be released yet.\n\nTo fix this, revert the use of devm and go back to freeing memory\nexplicitly."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nBluetooth: btusb: revertir el uso de devm_kzalloc en btusb\n\nEsto revierte el commit 98921dbd00c4e ('Bluetooth: Usar devm_kzalloc en el archivo btusb.c').\n\nEn btusb_probe(), usamos devm_kzalloc() para asignar los datos de btusb. Esto vincula la vida \u00fatil de todos los datos de btusb a la vinculaci\u00f3n de un controlador a una interfaz, INTF. En un controlador que se vincula a otras interfaces, ISOC y DIAG, esto es un accidente a punto de ocurrir.\n\nEl problema se revela en btusb_disconnect(), donde llamar a usb_driver_release_interface(&btusb_driver, data->intf) har\u00e1 que devm libere los datos que tambi\u00e9n est\u00e1n siendo utilizados por las otras interfaces del controlador que quiz\u00e1s a\u00fan no se hayan liberado.\n\nPara solucionar esto, se revierte el uso de devm y se vuelve a liberar la memoria expl\u00edcitamente."}], "lastModified": "2026-06-17T10:03:37.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04178DFF-C064-47C6-B0FD-9D0B84808F0D", "versionEndExcluding": "5.15.198", "versionStartIncluding": "3.7.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C10CC03E-16A9-428A-B449-40D3763E15F6", "versionEndExcluding": "6.1.160", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43C3A206-5EEE-417B-AA0F-EF8972E7A9F0", "versionEndExcluding": "6.6.120", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32BF4A52-377C-44ED-B5E6-7EA5D896E98B", "versionEndExcluding": "6.12.64", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC988EA0-0E32-457A-BF95-89BEB31A227B", "versionEndExcluding": "6.18.4", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F482CC77-4452-423A-8A57-523E1AEA1087"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}