CVE-2025-39861: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39861 is a vulnerability discovered in the Linux kernel's Bluetooth Virtual HCI (vhci) implementation, disclosed on September 19, 2025. The vulnerability specifically affects the handling of debugfs files in the Bluetooth subsystem (NVD).

The vulnerability stems from improper management of debugfs files in the vhcirelease() function. Debugfs files such as 'forcesuspend' and 'forcewakeup' were created under hdev->debugfs but not properly removed during vhcirelease(). When vhcirelease() frees the backing vhcidata structure, any subsequent access to these files results in use-after-free errors. The issue persists in the window between vhcidata being freed and before hdev->debugfs is released in hcirelease_dev(). The vulnerability has been assigned a CVSS v3.1 base score of 7.0, indicating moderate severity (Red Hat).

The vulnerability could lead to use-after-free conditions in the Linux kernel's Bluetooth subsystem, potentially resulting in system crashes or memory corruption. This affects systems running the vulnerable versions of the Linux kernel, particularly those utilizing the Bluetooth Virtual HCI functionality (NVD).

The vulnerability has been resolved by moving the creation of debugfs files into a dedicated function and ensuring they are explicitly removed during vhci_release(), before associated data structures are freed. This fix has been implemented in the Linux kernel (NVD).