Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_release(), before associated data structures are freed. Previously, debugfs files such as "force_suspend", "force_wakeup", and others were created under hdev->debugfs but not removed in vhci_release(). Since vhci_release() frees the backing vhci_data structure, any access to these files after release would result in use-after-free errors. Although hdev->debugfs is later freed in hci_release_dev(), user can access files after vhci_data is freed but before hdev->debugfs is released.

INFO

Published Date :

2025-09-19T15:26:31.519Z

Last Modified :

2026-01-14T19:33:11.242Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39861 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39861.

URL Resource
https://git.kernel.org/stable/c/1503756fffe76d5aea2371a4b8dee20c3577bcfd cve-icon cve-icon
https://git.kernel.org/stable/c/28010791193a4503f054e8d69a950ef815deb539 cve-icon cve-icon
https://git.kernel.org/stable/c/7cc08f2f127b9a66f46ea918e34353811a7cb378 cve-icon cve-icon
https://git.kernel.org/stable/c/bd75eba88e88d7b896b0c737b02a74a12afc235f cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39861-5ba5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39861 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39861 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact