CVE-2025-21827 — Improper Locking in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 91.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 6
Latest update: May 28
Description
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface()
The documentation for usb_driver_claim_interface() says that "the
device lock" is needed when the function is called from places other
than probe(). This appears to be the lock for the USB interface
device. The Mediatek btusb code gets called via this path:
Workqueue: hci0 hci_power_on [bluetooth]
Call trace:
usb_driver_claim_interface
btusb_mtk_claim_iso_…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages (4 packages)
CVEListV5: linux/linux ceac1cb0259de682d78f5c784ef8e0b13022e9d9 — 930e1790b99e5839e1af69d2f7fd808f1fba2df9 +3
Vulnerability Details (5)
OSV: linux, linux-azure, linux-azure-6.11, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oem-6.11, linux-raspi, linux-realtime vulnerabilities (2025-05-20)
OSV: CVE-2025-21827: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() The documen… (2025-03-06)
GHSA: GHSA-448g-f6xx-9xfw: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Add locks for usb_driver_claim_interface() The docum… (2025-03-06)
Vendor Advisories (5)
Debian: CVE-2025-21827: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... (2025)