What is the severity of CVE-2025-21936?

CVE-2025-21936 has a moderate severity rating due to the potential for null pointer dereference leading to denial of service.

How do I fix CVE-2025-21936?

To fix CVE-2025-21936, update your Linux kernel to the latest version that includes the patch for this vulnerability.

What component is affected by CVE-2025-21936?

CVE-2025-21936 affects the Bluetooth functionality in the Linux kernel.

What is the primary vulnerability caused by CVE-2025-21936?

CVE-2025-21936 can cause a null pointer dereference when allocating an skb in the management device connected function.

Is CVE-2025-21936 a recent vulnerability?

Yes, CVE-2025-21936 is a recent vulnerability identified in the Linux kernel's Bluetooth implementation.

Vulnerability/
CVE-2025-21936

medium

5.5

CWE

476

1/4/2025

10/4/2025

CVE-2025-21936: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()

First published: Tue Apr 01 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=5.17<6.1.131
Linux Kernel	>=6.2<6.6.83
Linux Kernel	>=6.7<6.12.19
Linux Kernel	>=6.13<6.13.7
Linux Kernel	=6.14-rc1
Linux Kernel	=6.14-rc2
Linux Kernel	=6.14-rc3
Linux Kernel	=6.14-rc4
Linux Kernel	=6.14-rc5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21936?
CVE-2025-21936 has a moderate severity rating due to the potential for null pointer dereference leading to denial of service.
How do I fix CVE-2025-21936?
To fix CVE-2025-21936, update your Linux kernel to the latest version that includes the patch for this vulnerability.
What component is affected by CVE-2025-21936?
CVE-2025-21936 affects the Bluetooth functionality in the Linux kernel.
What is the primary vulnerability caused by CVE-2025-21936?
CVE-2025-21936 can cause a null pointer dereference when allocating an skb in the management device connected function.
Is CVE-2025-21936 a recent vulnerability?
Yes, CVE-2025-21936 is a recent vulnerability identified in the Linux kernel's Bluetooth implementation.

collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/title
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/source
agent/author
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
agent/softwarecombine
agent/severity
agent/remedy
agent/tags
vendor/linux
canonical/linux kernel
version/linux kernel/5.17
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.13
version/linux kernel/6.14-rc1
version/linux kernel/6.14-rc2
version/linux kernel/6.14-rc3
version/linux kernel/6.14-rc4
version/linux kernel/6.14-rc5

CVE-2025-21936: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-21936?

How do I fix CVE-2025-21936?

What component is affected by CVE-2025-21936?

What is the primary vulnerability caused by CVE-2025-21936?

Is CVE-2025-21936 a recent vulnerability?

Company

Resources

Contact