CVE-2025-21969: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21969 is a use-after-free vulnerability discovered in the Linux kernel's Bluetooth L2CAP implementation. The vulnerability was disclosed on April 1, 2025, affecting the Linux kernel versions from 6.7 up to (excluding) 6.12.20, from 6.13 up to (excluding) 6.13.8, and versions up to (excluding) 6.6.84. The issue occurs when the hci sync command releases l2cap_conn while the hci receive data work queue still references the released connection when sending to the upper layer (NVD).

The vulnerability is a slab-use-after-free issue in the l2cap_send_cmd function, specifically at net/bluetooth/l2cap_core.c:954. The bug manifests when reading 8 bytes at a specific memory address after the connection has been freed. The CVSS v3.1 Base Score is 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (NVD).

The vulnerability could lead to privilege escalation, information disclosure, or system crashes due to the use-after-free condition in the kernel's Bluetooth subsystem. Given the CVSS score of 7.8, this vulnerability has high potential impact on system confidentiality, integrity, and availability (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves adding hci dev lock to the hci receive data work queue to synchronize the two operations. System administrators should update to patched versions of the kernel: 6.13.8 or later for the 6.13 series, 6.12.20 or later for the 6.12 series, or 6.6.84 or later for earlier versions (NVD).