CVE-2025-38099: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38099 is a vulnerability discovered in the Linux kernel's Bluetooth implementation, specifically related to SCO (Synchronous Connection-Oriented) support. The vulnerability was disclosed on July 3, 2025, and affects various Linux distributions including Ubuntu and Red Hat systems. The issue occurs when SCO connections are established without proper voice settings, which can lead to controller lockup (NVD, Ubuntu).

The vulnerability stems from a flaw in the Linux kernel's Bluetooth subsystem where SCO connections are attempted without validating the READ_VOICE_SETTING support. When a SCO connection is established without the proper voice_setting parameter, it can cause the Bluetooth controller to become unresponsive (CVE).

The primary impact of this vulnerability is system stability, as it can cause the Bluetooth controller to lock up, potentially requiring a system restart to restore functionality. This affects systems using the Linux kernel with Bluetooth capabilities enabled (NVD).

The vulnerability has been resolved in the Linux kernel through a patch that disables SCO support when READ_VOICE_SETTING is unsupported or broken. Users are advised to update their systems to the latest kernel version that includes this fix (NVD).