CVE-2025-40308
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: bcsp: receive data only if registered

Currently, bcsp_recv() can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace:

  KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]
  RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590
  Call Trace:
   <TASK>
   hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627
   tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290
   tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706
   vfs_ioctl fs/ioctl.c:51 [inline]
   __do_sys_ioctl fs/ioctl.c:907 [inline]
   __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
   entry_SYSCALL_64_after_hwframe+0x77/0x7f

To prevent this, ensure that the HCI_UART_REGISTERED flag is set before processing received data. If the protocol is not registered, return -EUNATCH.
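The guard described above, modelled in userspace C as an added example; it is not the kernel's code and not taken from the patch. The `model_*` names, the bit number, and the premise that the per-protocol state pointer is still NULL before registration are assumptions of this example; only HCI_UART_REGISTERED and -EUNATCH come from the description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model. Only the names HCI_UART_REGISTERED and EUNATCH come
 * from the CVE description; everything else is hypothetical. */
#define HCI_UART_REGISTERED 1            /* bit number chosen for this model */

struct model_bcsp { size_t rx_bytes; };  /* stand-in for per-protocol state */
struct model_hci_uart {
    unsigned long flags;                 /* lifecycle bits */
    struct model_bcsp *priv;             /* assumed NULL until registration */
};

static int model_test_bit(int nr, const unsigned long *addr)
{
    return (int)((*addr >> nr) & 1UL);
}

/* Pre-fix shape: trusts hu->priv unconditionally. Called with priv == NULL
 * it would dereference a NULL-based address, the fault class in the trace. */
static int model_recv_unguarded(struct model_hci_uart *hu, const void *data, int count)
{
    (void)data;
    hu->priv->rx_bytes += (size_t)count;
    return count;
}

/* Post-fix shape: reject input until the registered flag is set. */
static int model_recv_guarded(struct model_hci_uart *hu, const void *data, int count)
{
    if (!model_test_bit(HCI_UART_REGISTERED, &hu->flags))
        return -EUNATCH;
    return model_recv_unguarded(hu, data, count);
}

int main(void)
{
    static const unsigned char frame[] = { 0xc0, 0x00, 0xc0 }; /* constructed bytes */
    struct model_bcsp state = { 0 };
    struct model_hci_uart early = { 0, NULL };   /* data arrives before registration */
    struct model_hci_uart ready = { 1UL << HCI_UART_REGISTERED, &state };

    printf("early: %d\n", model_recv_guarded(&early, frame, (int)sizeof frame));
    printf("ready: %d\n", model_recv_guarded(&ready, frame, (int)sizeof frame));
    return 0;
}
```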
Affected versions
Linux kernel versions 5.4.293, 5.10.237, 5.15.181, 6.1.135, 6.6.88, 6.12.24, 6.13.12, 6.14.3, 6.15 and later are affected. Fixed in 5.4.302, 5.10.247, 5.15.197, 6.1.159, 6.6.117, 6.12.58, 6.17.8, 6.18 and their respective stable series.
References
The following references provide additional information about CVE-2025-40308 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc
Frequently asked questions
- What is CVE-2025-40308?
  CVE-2025-40308 is a Linux kernel vulnerability with unscored severity. It affects Linux kernel versions from 5.4.293 onward and has been patched in 5.4.302, 5.10.247, 5.15.197 and others. CVE-2025-40308 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2025-40308?
  Yes, CVE-2025-40308 has been patched. Fixed versions include 5.4.302, 5.10.247, 5.15.197 and others. If you are running Linux kernel 5.4.293 or later and have not yet reached a fixed version, apply the relevant patch for your kernel branch.
- Is CVE-2025-40308 actively exploited?
  No, CVE-2025-40308 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.