CVE-2025-37792
MEDIUMLinux Kernel - NULL Pointer Dereference in Bluetooth btrtl_initialize
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer vs NULL bug, followed by a NULL pointer dereference. This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'
References (10)
Core 10
Core References
Scores
CVSS v3
5.5
EPSS
0.0007
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (28)
debian/debian_linux
11.0
linux/Kernel
4.19.0 - 5.4.293linux
linux/Kernel
5.11.0 - 5.15.181linux
linux/Kernel
5.16.0 - 6.1.135linux
linux/Kernel
5.5.0 - 5.10.237linux
linux/Kernel
6.13.0 - 6.14.4linux
linux/Kernel
6.2.0 - 6.6.88linux
linux/Kernel
6.7.0 - 6.12.25linux
Linux/Linux
< 4.19
Linux/Linux
26503ad25de8c7c93a2037f919c2e49a62cf65f1 - 2d7c60c2a38b4b461fa960ad0995136a6bfe0756
... and 18 more
Published
May 01, 2025
Tracked Since
Feb 18, 2026