CVE-2025-71082
Published: 13 January 2026
Summary
CVE-2025-71082 is a high-severity vulnerability (weakness type unspecified) in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-71082 is a vulnerability in the Linux kernel's btusb driver within the Bluetooth subsystem. It arises from the improper use of devm_kzalloc() in the btusb_probe() function, which ties the lifetime of btusb data structures to a single USB interface (INTF). This creates a problem in multi-interface USB devices, where the driver also binds to ISOC and DIAG interfaces, as the data may be prematurely freed during disconnection of one interface while still in use by others.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L), no user interaction (UI:N), and unchanged scope (S:U). Exploitation occurs in btusb_disconnect(), where usb_driver_release_interface() triggers devm to free the shared data, potentially leading to use-after-free conditions or memory corruption. Successful exploitation can result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 7.8.
Mitigation involves applying kernel patches that revert the offending commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file") and restore explicit memory freeing. Relevant stable kernel commits are available at https://git.kernel.org/stable/c/1e54c19eaf84ba652c4e376571093e58e144b339, https://git.kernel.org/stable/c/252714f1e8bdd542025b16321c790458014d6880, https://git.kernel.org/stable/c/c0ecb3e4451fe94f4315e6d09c4046dfbc42090b, https://git.kernel.org/stable/c/cca0e9206e3bcc63cd3e72193e60149165d493cc, and https://git.kernel.org/stable/c/fdf7c640fb8a44a59b0671143d8c2f738bc48003. Security practitioners should update affected Linux kernels promptly.
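A userspace C model of the lifetime mismatch described above, added here as an illustration and not taken from the kernel or the upstream patch. The names model_dev, model_release and simulate_disconnect and the INTF-first release order are assumptions of the model; it counts how many still-bound interfaces are left referencing freed driver data under devm-style ownership versus an explicit free after every interface is released.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the ownership rules only; none of this is kernel code. */
enum { INTF, ISOC, DIAG, NUM_IF };
struct model_dev {
    bool bound[NUM_IF];   /* driver still bound to this interface */
    void *devres[NUM_IF]; /* allocation owned by that binding, devm-style */
    void *data;           /* driver data shared by every bound interface */
    bool data_live;       /* tracked separately so freed memory is never read */
};

/* Releasing a binding also frees whatever was allocated against it. */
static void model_release(struct model_dev *d, int i)
{
    d->bound[i] = false;
    if (d->devres[i] != NULL && d->devres[i] == d->data)
        d->data_live = false;
    free(d->devres[i]); /* free(NULL) is a no-op */
    d->devres[i] = NULL;
}

/* Peak number of bound interfaces pointing at freed data (managed = devm model). */
int simulate_disconnect(bool managed)
{
    struct model_dev d = { .bound = { true, true, true },
                           .data = calloc(1, 64), .data_live = true };
    int worst = 0;
    if (d.data == NULL)
        return -1;
    if (managed)
        d.devres[INTF] = d.data; /* lifetime tied to the INTF binding */
    for (int i = 0; i < NUM_IF; i++) { /* assumed order: INTF first */
        int users = 0;
        model_release(&d, i);
        for (int j = 0; j < NUM_IF && !d.data_live; j++)
            users += d.bound[j];
        worst = users > worst ? users : worst;
    }
    if (!managed)
        free(d.data); /* explicit free once no interface is bound */
    return worst;
}

int main(void)
{
    printf("devm=%d explicit=%d\n", simulate_disconnect(true), simulate_disconnect(false));
}
```

In the managed run, ISOC and DIAG are both still bound when the INTF release frees the shared data; in the explicit-free run, no bound interface ever sees freed data.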
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2254
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devm_kzalloc in btusb This reverts commit 98921dbd00c4e ("Bluetooth: Use devm_kzalloc in btusb.c file"). In btusb_probe(), we use devm_kzalloc() to allocate the btusb data. This ties the lifetime of all the btusb data to the binding of a driver to one interface, INTF. In a driver that binds to other interfaces, ISOC and DIAG, this is an accident waiting to happen. The issue is revealed in btusb_disconnect(), where calling usb_driver_release_interface(&btusb_driver, data->intf) will have devm free the data that is also being used by the other interfaces of the driver that may not be released yet. To fix this, revert the use of devm and go back to freeing memory explicitly.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Local low-priv UAF in btusb kernel driver directly enables privilege escalation via memory corruption.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates CVE-2025-71082 by applying kernel patches that revert devm_kzalloc usage and restore explicit memory freeing in the btusb driver.
Vulnerability monitoring and scanning identifies CVE-2025-71082 in Linux kernels, enabling timely detection and patching of the btusb memory management flaw.
Memory protection techniques mitigate use-after-free risks from premature data structure deallocation in the multi-interface btusb driver.