CVE-2025-37792

Bluetooth: btrtl: Prevent potential NULL dereference

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer vs NULL bug, followed by a NULL pointer dereference. This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'

N/A
CVSS
Severity:
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c3e9717276affe59fd8213706db021b493e81e34
https://git.kernel.org/stable/c/73dc99c0ea94abd22379b2d82cacbc73f3e18ec1
https://git.kernel.org/stable/c/2d7c60c2a38b4b461fa960ad0995136a6bfe0756
https://git.kernel.org/stable/c/d8441818690d795232331bd8358545c5c95b6b72
https://git.kernel.org/stable/c/3db6605043b50c8bb768547b23e0222f67ceef3e
https://git.kernel.org/stable/c/aaf356f872a60db1e96fb762a62c4607fd22741f
https://git.kernel.org/stable/c/53ceef799dcfc22c734d600811bfc9dd32eaea0a
https://git.kernel.org/stable/c/324dddea321078a6eeb535c2bff5257be74c9799

Frequently Asked Questions

What is the severity of CVE-2025-37792?
CVE-2025-37792 has not yet been assigned a CVSS score.
How to fix CVE-2025-37792?
To fix CVE-2025-37792, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-37792 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-37792 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-37792?
CVE-2025-37792 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.