{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T20:43:32.795","vulnerabilities":[{"cve":{"id":"CVE-2025-40301","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-12-08T01:16:02.183","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: validate skb length for unknown CC opcode\n\nIn hci_cmd_complete_evt(), if the command complete event has an unknown\nopcode, we assume the first byte of the remaining skb->data contains the\nreturn status. However, parameter data has previously been pulled in\nhci_event_func(), which may leave the skb empty. If so, using skb->data[0]\nfor the return status uses un-init memory.\n\nThe fix is to check skb->len before using skb->data."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1a0ddaaf97405dbd11d4cb5a961a3f82400e8a50","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5c5f1f64681cc889d9b13e4a61285e9e029d6ab5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/779f83a91d4f1bf5ddfeaf528420cbb6dbf03fa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/cf2c2acec1cf456c3d11c11a7589e886a0f963a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fea895de78d3bb2f0c09db9f10b18f8121b15759","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}