{"id":"CVE-2025-40284","summary":"Bluetooth: MGMT: cancel mesh send timer when hdev removed","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------","modified":"2026-04-02T17:29:23.036894Z","published":"2025-12-06T21:51:08.488Z","related":["MGASA-2026-0017","MGASA-2026-0018","SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0293-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:0939-1","SUSE-SU-2026:0940-1","SUSE-SU-2026:0941-1","SUSE-SU-2026:0943-1","SUSE-SU-2026:0946-1","SUSE-SU-2026:0951-1","SUSE-SU-2026:1073-1","SUSE-SU-2026:1083-1","SUSE-SU-2026:1089-1","SUSE-SU-2026:1096-1","SUSE-SU-2026:1099-1","SUSE-SU-2026:1101-1","SUSE-SU-2026:1125-1","SUSE-SU-2026:1132-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20829-1","SUSE-SU-2026:20831-1","SUSE-SU-2026:20832-1","SUSE-SU-2026:20840-1","SUSE-SU-2026:20841-1","SUSE-SU-2026:20842-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20847-1","SUSE-SU-2026:20848-1","SUSE-SU-2026:20849-1","SUSE-SU-2026:20850-1","SUSE-SU-2026:20851-1","SUSE-SU-2026:20852-1","SUSE-SU-2026:20853-1","SUSE-SU-2026:20854-1","SUSE-SU-2026:20855-1","SUSE-SU-2026:20856-1","SUSE-SU-2026:20857-1","SUSE-SU-2026:20858-1","SUSE-SU-2026:20859-1","SUSE-SU-2026:20860-1","SUSE-SU-2026:20861-1","SUSE-SU-2026:20862-1","SUSE-SU-2026:20863-1","SUSE-SU-2026:20864-1","SUSE-SU-2026:20865-1","SUSE-SU-2026:20866-1","SUSE-SU-2026:20876-1","SUSE-SU-2026:20880-1","SUSE-SU-2026:20881-1","SUSE-SU-2026:20882-1","SUSE-SU-2026:20883-1","SUSE-SU-2026:20884-1","SUSE-SU-2026:20885-1","SUSE-SU-2026:20886-1","SUSE-SU-2026:20887-1","SUSE-SU-2026:20888-1","SUSE-SU-2026:20889-1","SUSE-SU-2026:20891-1","SUSE-SU-2026:20892-1","SUSE-SU-2026:20893-1","SUSE-SU-2026:20894-1","SUSE-SU-2026:20895-1","SUSE-SU-2026:20896-1","SUSE-SU-2026:20897-1","SUSE-SU-2026:20898-1","SUSE-SU-2026:20899-1","SUSE-SU-2026:20900-1","SUSE-SU-2026:20945-1","SUSE-SU-2026:20946-1","SUSE-SU-2026:20947-1","openSUSE-SU-2026:20145-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40284.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2927ff643607eddf4f03d10ef80fe10d977154aa"},{"type":"WEB","url":"https://git.kernel.org/stable/c/55fb52ffdd62850d667ebed842815e072d3c9961"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7b6b6c077cad0601d62c3c34ab7ce3fb25deda7b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/990e6143b0ca0c66f099d67d00c112bf59b30d76"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fd62ca5ad136dcf6f5aa308423b299a6be6f54ea"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40284.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40284"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b338d91703fae6f6afd67f3f75caa3b8f36ddef3"},{"fixed":"990e6143b0ca0c66f099d67d00c112bf59b30d76"},{"fixed":"2927ff643607eddf4f03d10ef80fe10d977154aa"},{"fixed":"7b6b6c077cad0601d62c3c34ab7ce3fb25deda7b"},{"fixed":"fd62ca5ad136dcf6f5aa308423b299a6be6f54ea"},{"fixed":"55fb52ffdd62850d667ebed842815e072d3c9961"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40284.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.159"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.117"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.59"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40284.json"}}],"schema_version":"1.7.5"}