In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Fix NULL pointer deference on eirgetservice_data
The len parameter is considered optional so it can be NULL so it cannot be used for skipping to next entry of EIRSERVICEDATA.
[ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@497c9d2d7d3983826bb02c10fb4a5818be6550fb", "deprecated": false, "digest": { "line_hashes": [ "305486785420690627842257006669783581807", "144259716522773144463780643650134287950", "86786926252382151224422637624850140197", "95731422876662090246665185713038160282", "2506553434411623746093121716079553242", "309146876797709788988091009729161460324", "74327326282492521545499188431405499654", "259661961968659902304123145320489221234", "335879594477182578041346760457673783552", "82554303985553826376245557978366309180", "33006726724428665923360386588321477367", "63167747687195853809606563609578150513" ], "threshold": 0.9 }, "target": { "file": "net/bluetooth/eir.c" }, "id": "CVE-2025-38304-3880462d", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d99cc0f8e6fa0f35570887899f178122a61d44e", "deprecated": false, "digest": { "line_hashes": [ "305486785420690627842257006669783581807", "144259716522773144463780643650134287950", "86786926252382151224422637624850140197", "95731422876662090246665185713038160282", "2506553434411623746093121716079553242", "309146876797709788988091009729161460324", "74327326282492521545499188431405499654", "259661961968659902304123145320489221234", "335879594477182578041346760457673783552", "82554303985553826376245557978366309180", "33006726724428665923360386588321477367", "63167747687195853809606563609578150513" ], "threshold": 0.9 }, "target": { "file": "net/bluetooth/eir.c" }, "id": "CVE-2025-38304-4739777d", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@842f7c3154d5b25ca11753c02ee8cf6ee64c0142", "deprecated": false, "digest": { "function_hash": "109879971166697091228287449594387723368", "length": 322.0 }, "target": { "file": "net/bluetooth/eir.c", "function": "eir_get_service_data" }, "id": "CVE-2025-38304-582f0e30", "signature_type": "Function", "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@497c9d2d7d3983826bb02c10fb4a5818be6550fb", "deprecated": false, "digest": { "function_hash": "109879971166697091228287449594387723368", "length": 322.0 }, "target": { "file": "net/bluetooth/eir.c", "function": "eir_get_service_data" }, "id": "CVE-2025-38304-59f19bd6", "signature_type": "Function", "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@842f7c3154d5b25ca11753c02ee8cf6ee64c0142", "deprecated": false, "digest": { "line_hashes": [ "305486785420690627842257006669783581807", "144259716522773144463780643650134287950", "86786926252382151224422637624850140197", "95731422876662090246665185713038160282", "2506553434411623746093121716079553242", "309146876797709788988091009729161460324", "74327326282492521545499188431405499654", "259661961968659902304123145320489221234", "335879594477182578041346760457673783552", "82554303985553826376245557978366309180", "33006726724428665923360386588321477367", "63167747687195853809606563609578150513" ], "threshold": 0.9 }, "target": { "file": "net/bluetooth/eir.c" }, "id": "CVE-2025-38304-73fa7f45", "signature_type": "Line", "signature_version": "v1" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7d99cc0f8e6fa0f35570887899f178122a61d44e", "deprecated": false, "digest": { "function_hash": "109879971166697091228287449594387723368", "length": 322.0 }, "target": { "file": "net/bluetooth/eir.c", "function": "eir_get_service_data" }, "id": "CVE-2025-38304-8b557b31", "signature_type": "Function", "signature_version": "v1" } ]