Out-of-bounds Read in kernel-modules-extra-matched | CVE-2025-40301

Threat Intelligence

0.05% (16^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-bounds Read vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RHEL10-KERNELMODULESEXTRAMATCHED-14225670
published9 Dec 2025
disclosed8 Dec 2025

Report a new vulnerability Found a mistake?

Introduced: 8 Dec 2025

CVE-2025-40301 (opens in a new tab) CWE-125 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-modules-extra-matched package and not the kernel-modules-extra-matched package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: validate skb length for unknown CC opcode

In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However, parameter data has previously been pulled in hci_event_func(), which may leave the skb empty. If so, using skb->data[0] for the return status uses un-init memory.

The fix is to check skb->len before using skb->data.

Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package kernel-modules-extra-matched (opens in a new tab)