CVE-2025-22007

Bluetooth: Fix error code in chan_alloc_skb_cb()

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b3d607e36fef4bd05fb938a8a868ff70e9fedbe2
https://git.kernel.org/stable/c/1bd68db7beb426ab5a45d81516ed9611284affc8
https://git.kernel.org/stable/c/76304cba8cba12bb10d89d016c28403a2dd89a29
https://git.kernel.org/stable/c/788ae2ae4cf484e248b5bc29211c7ac6510e3e92 patch
https://git.kernel.org/stable/c/ecd06ad0823a90b4420c377ef8917e44e23ee841 patch
https://git.kernel.org/stable/c/761b7c36addd22c7e6ceb05caaadc3b062d99faa patch
https://git.kernel.org/stable/c/a78692ec0d1e17a96b09f2349a028878f5b305e4 patch
https://git.kernel.org/stable/c/72d061ee630d0dbb45c2920d8d19b3861c413e54 patch

Frequently Asked Questions

What is the severity of CVE-2025-22007?
CVE-2025-22007 has been scored as a medium severity vulnerability.
How to fix CVE-2025-22007?
To fix CVE-2025-22007, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-22007 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-22007 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-22007?
CVE-2025-22007 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.