{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-38303", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.002Z", "datePublished": "2025-07-10T07:42:14.728Z", "dateUpdated": "2026-05-11T21:25:22.081Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:25:22.081Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/eir.c", "net/bluetooth/eir.h", "net/bluetooth/hci_sync.c"], "versions": [{"version": "01ce70b0a274bd76a5a311fb90d4d446d9bdfea1", "lessThan": "2d4588f55cc10fc228f3b46469dbfb3f0a8b13c8", "status": "affected", "versionType": "git"}, {"version": "01ce70b0a274bd76a5a311fb90d4d446d9bdfea1", "lessThan": "2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f", "status": "affected", "versionType": "git"}, {"version": "01ce70b0a274bd76a5a311fb90d4d446d9bdfea1", "lessThan": "b9db0c27e73b7c8a19384a44af527edfda74ff3d", "status": "affected", "versionType": "git"}, {"version": "01ce70b0a274bd76a5a311fb90d4d446d9bdfea1", "lessThan": "47c03902269aff377f959dc3fd94a9733aa31d6e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/bluetooth/eir.c", "net/bluetooth/eir.h", "net/bluetooth/hci_sync.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.34", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.12.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.15.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.16"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2d4588f55cc10fc228f3b46469dbfb3f0a8b13c8"}, {"url": "https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f"}, {"url": "https://git.kernel.org/stable/c/b9db0c27e73b7c8a19384a44af527edfda74ff3d"}, {"url": "https://git.kernel.org/stable/c/47c03902269aff377f959dc3fd94a9733aa31d6e"}], "title": "Bluetooth: eir: Fix possible crashes on eir_create_adv_data", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE65E176-D370-4F66-971E-A0E3513C9C2B", "versionEndExcluding": "6.12.34", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: eir: Fix possible crashes on eir_create_adv_data\n\neir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER\nwithout checking if that would fit."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: eir: Se solucionan posibles fallos en eir_create_adv_data eir_create_adv_data puede intentar agregar EIR_FLAGS y EIR_TX_POWER sin verificar si encajan."}], "id": "CVE-2025-38303", "lastModified": "2026-04-11T13:16:35.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-10T08:15:29.090", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2af40d795d3fb0ee5c074b7ac56ab22402aa6e4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2d4588f55cc10fc228f3b46469dbfb3f0a8b13c8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47c03902269aff377f959dc3fd94a9733aa31d6e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9db0c27e73b7c8a19384a44af527edfda74ff3d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Bluetooth: eir: Fix possible crashes on eir_create_adv_data", "id": "2379174", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379174"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2025-38303", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-38303\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38303\nhttps://lore.kernel.org/linux-cve-announce/2025071013-CVE-2025-38303-b6ab@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-21T19:46:22.852675+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that contains the fix for CVE\u20112025\u201138303.", "Reboot the system to activate the updated kernel and ensure the Bluetooth stack is running the new code.", "If an immediate kernel update is not possible, consider disabling Bluetooth advertising or reducing the advertising payload size to avoid triggering the crash until a patch can be applied."], "summary": {"action": "Patch", "impact": "Denial of Service (Crash)"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to all Linux kernel releases that include the eir_create_adv_data implementation, as indicated by the CPE entries for the Linux kernel and the 6.16 release candidate. Systems that load the kernel module for Bluetooth and expose advertising services are at risk. Any installation of the Linux kernel that has not been updated to the patched version can be affected.", "description_and_impact": "The flaw exists in the Bluetooth eir_create_adv_data function, which may attempt to add EIR_FLAGS and EIR_TX_POWER entries to an advertising payload without verifying that the buffer has enough space. This lack of bounds checking can cause the kernel Bluetooth stack to crash, leading to a local denial\u2011of\u2011service condition for Bluetooth services. No specific CWE is identified in the advisory, but the behavior reflects a classic buffer overflow scenario.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate damage to availability. The EPSS score of less than 1\u202f% suggests a low probability of exploitation, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the most likely attack vector would involve an attacker controlling privileged processes that construct Bluetooth advertising packets, or exploiting device drivers that pass malformed data to the kernel. Exploitation would result in a crash of the Bluetooth stack but would not grant arbitrary code execution or compromise system integrity."}}}}, "created": "2025-07-13T11:06:37.887253+00:00", "updated": "2026-04-21T20:00:25.884541+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}