CVE-2025-40213:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete

There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array.

Another crash is in setmeshcomplete() due to double listdel via mgmtpendingvalid + mgmtpending_remove.

Use DEFINE_FLEX to declare the flexible array right, and don't memcpy outside bounds.

As mgmtpendingvalid removes the cmd from list, use mgmtpendingfree, and also report status on error.

Source: NVD

Not a Wiz customer? See which CVEs are exploitable in your environment.

Published November 24, 2025

CNA Score N/A

Affected Technologies

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 5

Exploitation Probability (EPSS) N/A

Affected packages and libraries

Sources

NVD
Debian Security Tracker
- Debian 13 No FixAdded at: Nov 25, 2025
- Debian 14 Has FixAdded at: Nov 25, 2025
Ubuntu Security Tracker
- Ubuntu 25.10 Severity MEDIUMNo FixAdded at: Nov 27, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-59030	HIGH	7.5	Linux Debian	pdns-recursor	No	Yes	Dec 09, 2025
CVE-2025-59029	MEDIUM	5.3	Linux Debian	pdns-recursor	No	Yes	Dec 09, 2025
CVE-2025-40344	N/A	N/A	Linux Kernel	kernel-debug-modules-internal	No	Yes	Dec 09, 2025
CVE-2025-40343	N/A	N/A	Linux Kernel	kernel-64k-debug-devel	No	Yes	Dec 09, 2025
CVE-2025-40342	N/A	N/A	Linux Kernel	kernel-64k-debug-devel-matched	No	Yes	Dec 09, 2025