Cyber Resilience

CVE-2025-71082

High

Published: 13 January 2026

Published
13 January 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-71082 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-71082 is a vulnerability in the Linux kernel's btusb driver within the Bluetooth subsystem. It arises from the improper use of devm_kzalloc() in the btusb_probe() function, which ties the lifetime of btusb data structures to a single USB interface (INTF). This creates a problem in multi-interface USB devices, where the driver also binds to ISOC and DIAG interfaces, as the data may be prematurely freed during disconnection of one interface while still in use by others.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N) in an unprivileged scope (S:U). Exploitation occurs in btusb_disconnect(), where usb_driver_release_interface() triggers devm to free the shared data, potentially leading to use-after-free conditions or memory corruption. Successful exploitation can result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 7.8.

Mitigation involves applying kernel patches that revert the offending commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file") and restore explicit memory freeing. Relevant stable kernel commits are available at https://git.kernel.org/stable/c/1e54c19eaf84ba652c4e376571093e58e144b339, https://git.kernel.org/stable/c/252714f1e8bdd542025b16321c790458014d6880, https://git.kernel.org/stable/c/c0ecb3e4451fe94f4315e6d09c4046dfbc42090b, https://git.kernel.org/stable/c/cca0e9206e3bcc63cd3e72193e60149165d493cc, and https://git.kernel.org/stable/c/fdf7c640fb8a44a59b0671143d8c2f738bc48003. Security practitioners should update affected Linux kernels promptly.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allocate the btusb data. This ties…

more

the lifetime of all the btusb data to the binding of a driver to one interface, INTF. In a driver that binds to other interfaces, ISOC and DIAG, this is an accident waiting to happen. The issue is revealed in btusb_disconnect(), where calling usb_driver_release_interface(&btusb_driver, data->intf) will have devm free the data that is also being used by the other interfaces of the driver that may not be released yet. To fix this, revert the use of devm and go back to freeing memory explicitly.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local low-priv UAF in btusb kernel driver directly enables privilege escalation via memory corruption.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
3.7, 6.19 · 3.7.1 — 5.15.198 · 5.16 — 6.1.160 · 6.2 — 6.6.120

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates CVE-2025-71082 by applying kernel patches that revert devm_kzalloc usage and restore explicit memory freeing in the btusb driver.

detect

Vulnerability monitoring and scanning identifies CVE-2025-71082 in Linux kernels, enabling timely detection and patching of the btusb memory management flaw.

prevent

Memory protection techniques mitigate use-after-free risks from premature data structure deallocation in the multi-interface btusb driver.

References