Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, e.g. with AF_PACKET SOCK_RAW.

Add missing skb_reset_mac_header() for uncompressed ipv6 RX path.

For the compressed one, it is done in lowpan_header_decompress().

Log: (BlueZ 6lowpan-tester Client Recv Raw - Success)
------
kernel BUG at net/core/skbuff.c:212!
Call Trace:
<IRQ>
...
packet_rcv (net/packet/af_packet.c:2152)
...
<TASK>
__local_bh_enable_ip (kernel/softirq.c:407)
netif_rx (net/core/dev.c:5648)
chan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)
------

PUBLISHED Reserved 2025-04-16 | Published 2025-12-06 | Updated 2025-12-06 | Assigner Linux

Product status

Default status
unaffected

Default status: affected

3.14: affected
Any version before 3.14: unaffected
5.4.302 (semver): unaffected
5.10.247 (semver): unaffected
5.15.197 (semver): unaffected
6.1.159 (semver): unaffected
6.6.117 (semver): unaffected
6.12.59 (semver): unaffected
6.17.9 (semver): unaffected
6.18 (original_commit_for_fix): unaffected

References

git.kernel.org/...c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf

git.kernel.org/...c/973e0271754c77db3e1b6b69adf2de85a79a4c8b

git.kernel.org/...c/d566e9a2bfc848941b091ffd5f4e12c4e889d818

git.kernel.org/...c/4ebb90c3c309e6375dc3e841af92e2a039843e62

git.kernel.org/...c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93

git.kernel.org/...c/11cd7e068381666f842ad41d1cc58eecd0c75237

git.kernel.org/...c/70d84e7c3a44b81020a3c3d650a64c63593405bd

git.kernel.org/...c/3b78f50918276ab28fb22eac9aa49401ac436a3b

cve.org (CVE-2025-40282)

nvd.nist.gov (CVE-2025-40282)
