🟡 Medium | Source: Microsoft Security Response Center
CVE-2025-40213 is a vulnerability in the Linux kernel's Bluetooth management (MGMT) subsystem: a kernel crash reachable through the mesh-related handlers set_mesh_sync and set_mesh_complete. Although the MSRC entry lists it under Azure, the flaw is in the upstream Linux kernel and applies to any Linux system running an affected kernel, including Linux virtual machines and container hosts in Azure. A crash in a kernel code path takes down the whole host, and with it every container or workload on that host, so the practical impact is denial of service. MGMT commands are issued over a local HCI control socket and, apart from a few read-only commands, require CAP_NET_ADMIN, so the trigger is a privileged local caller; the advisory title gives no indication of a remote or unprivileged trigger.
Security Architect's Take: Check whether your Azure Linux VMs and AKS node pools run a kernel affected by this Bluetooth MGMT flaw, and apply the available kernel update promptly. Note that the mesh handlers operate on a Bluetooth controller, and cloud VMs rarely expose one, so this path is usually unreachable there; treat that as a mitigating factor, not a reason to skip the patch. Where Bluetooth is not needed (the normal case for cloud VMs), prevent the bluetooth module from loading at all as a hardening measure: it removes this and every future Bluetooth kernel bug from the attack surface.
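The audit-and-harden step above, as an added example that is not part of the advisory or of any Microsoft or kernel tooling: it scans /proc/modules-style text for Bluetooth-stack modules and emits a modprobe.d fragment that blocks them. The module names are the usual upstream ones, the sample /proc/modules content is constructed, and the "--live" flag is this script's own convention.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Linux host for loaded
# Bluetooth kernel modules and emit a modprobe.d fragment that keeps them
# from loading. Sample /proc/modules text below is constructed.

# Print the Bluetooth-stack modules found in /proc/modules-style text
# (one module per line, name in the first column), in the order seen.
bt_modules_loaded() {
    printf '%s\n' "$1" | awk '
        $1 == "bluetooth" || $1 == "btusb" || $1 == "btintel" ||
        $1 == "btbcm" || $1 == "btrtl" || $1 == "hci_uart" ||
        $1 == "rfcomm" || $1 == "bnep" { print $1 }'
}

# Emit a fragment for /etc/modprobe.d/. "install X /bin/false" defeats
# both alias-based autoload and an explicit "modprobe X"; a bare
# "blacklist X" line only stops the former. Blocking the bluetooth core
# is enough to make every driver that depends on it fail to load, but
# the common drivers are listed too so the intent is obvious on review.
bt_blacklist_conf() {
    for m in bluetooth btusb hci_uart rfcomm bnep; do
        printf 'install %s /bin/false\n' "$m"
    done
}

# Return 0 if the fragment blocks the bluetooth core, which is what
# actually matters; the driver entries are belt and braces.
bt_conf_blocks_core() {
    bt_blacklist_conf | grep -q '^install bluetooth /bin/false$'
}

# Constructed sample: a VM that has pulled in btusb and, through it,
# btintel and the bluetooth core; virtio_net is there as a non-match.
SAMPLE_MODULES='btusb 65536 0 - Live 0x0000000000000000
btintel 32768 1 btusb, Live 0x0000000000000000
bluetooth 819200 3 btusb,btintel, Live 0x0000000000000000
virtio_net 57344 0 - Live 0x0000000000000000'

if [ "${1:-}" = "--live" ]; then
    # Audit the real host, then print the fragment to install.
    echo "Loaded Bluetooth modules:"
    bt_modules_loaded "$(cat /proc/modules)"
    echo "Suggested /etc/modprobe.d/disable-bluetooth.conf:"
    bt_blacklist_conf
else
    echo "Sample audit:"
    bt_modules_loaded "$SAMPLE_MODULES"
fi
```

Run it with "--live" on a host to see what is actually loaded, write the printed fragment to /etc/modprobe.d/, unload any modules already resident (or reboot), and then confirm with lsmod that nothing from the list reappears.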
Original advisory: CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete