CVE-2025-22007

Summary

CVE-2025-22007 is a recently identified vulnerability affecting the Linux kernel. Specifically, it relates to an issue in the Bluetooth subsystem, more precisely in the chan_alloc_skb_cb() function. This function is responsible for allocating and initializing a socket buffer for Bluetooth channels. However, it was found that the function could return NULL instead of an error pointer upon failure. Such a return value leads to a NULL dereference, which in turn can result in arbitrary code execution or a system crash. The Linux community has released a patch to address this vulnerability and mitigate its potential impact.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.