{"id":"CVE-2025-40283","summary":"Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\n\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(&btusb_driver, data-\u003eintf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\n\nFix by moving the accesses to btusb data to before the data is free'd.","modified":"2026-03-31T17:29:19.629791Z","published":"2025-12-06T21:51:07.409Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40283.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550"},{"type":"WEB","url":"https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40283.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40283"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fd913ef7ce619467c6b0644af48ba1fec499c623"},{"fixed":"297dbf87989e09af98f81f2bcb938041785557e8"},{"fixed":"f858f004bc343a7ae9f2533bbb2a3ab27428532f"},{"fixed":"7a6d1e740220ff9dfcb6a8c994d6ba49e76db198"},{"fixed":"5dc00065a0496c36694afe11e52a5bc64524a9b8"},{"fixed":"1c28c1e1522c773a94e26950ffb145e88cd9834b"},{"fixed":"95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d"},{"fixed":"a2610ecd9fd5708be8997ca8f033e4200c0bb6af"},{"fixed":"23d22f2f71768034d6ef86168213843fc49bf550"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40283.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.11.0"},{"fixed":"5.4.302"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.247"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.197"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.59"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40283.json"}}],"schema_version":"1.7.5"}