358 matches found
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: validate rx pkt_type header length virtbt_rx_handle reads the leading pkt_type byte from the RX skb and forwards the remainder to hci_recv_frame for every event/ACL/SCO/ISO type, without checking that the remaining...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10, linux-6.1
An issue was discovered in the driver/bluetooth/hci_ldisc.c file within the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. The HCI_UART_PROTO_SET function is called before hu->proto is set. A NULL pointer dereferencing may occur...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed kernel panic during firmware release This fix addresses a kernel panic that occurred during the release of firmware in a stress test scenario where WLAN and Bluetooth firmware downloads occur...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel before version 5.16.3, the driver/bluetooth/hci_qca.c file misinterprets the return value of devm_gpiod_get_index_optional. It expects the return value to be NULL in the error case, but in reality, it is an error pointer...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15
A use-after-free flaw was discovered in btsdio_remove in the drivers/bluetooth/btsdio.c file within the Linux kernel. In this flaw, calling btsdio_remove with an unfinished job may lead to a race condition, resulting in a use-after-free (UAF) on hdev devices...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
A race condition was detected in the Bluetooth device driver of the Linux kernel’s {min,max}_key_size_set function. This can lead to a null pointer dereferencing issue, potentially causing a kernel panic or a denial-of-service attack...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: qca: fixed a NULL dereferencing on non-serdev controllers. Qualcomm ROME controllers can be registered through the Bluetooth line discipline. In this case, the HCI UART serdev pointer is NULL. A missing sanity check...
Bluetooth: btusb: clamp SCO altsetting table indices
...
CVE-2026-31500
A flaw was found in the Linux kernel's Bluetooth subsystem. A race condition exists in the Intel Bluetooth driver, where two functions can access the same memory concurrently without proper synchronization. This can lead to a use-after-free vulnerability, allowing a local attacker to potentially...
CVE-2026-31500
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error with hci_req_sync_lock btintel_hw_error issues two __hci_cmd_sync calls (HCI_OP_RESET and Intel exception-info retrieval) without holding hci_req_sync_lock. This lets it race against hci_dev_do_close -...
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup current...
Linux Distros Unpatched Vulnerability : CVE-2026-31497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: btusb: clamp SCO altsetting table indices btusb_work maps the number of active SCO links to USB alternate settings through a three-entry lookup table...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013012)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013012 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN:...
Stack-based buffer overflow vulnerability in Dynabook Bluetooth ACPI Drivers
Overview Bluetooth ACPI Drivers provided by Dynabook Inc. contain the following vulnerability. Stack-based buffer overflow CWE-121 - CVE-2026-35553 Andrea Monzani, Antonio Parata, and Davide Netti of University of Milan reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006789)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006789 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change function in...
kernel: Fix of 13 CVEs
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit CVE-2025-38685 - cnic: Fix use-after-free bugs in cnic_delete_task CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - fbdev: fix potential buffer overflow in do_register_framebuffer CVE-2025-38702 - scsi: ses: Fix slab-out-of-bounds in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-24860)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24860 advisory. - A race condition was found in the Linux kernel's bluetooth device driver in the {min,max}_key_size_set function. This...
Azure Linux 3.0 Security Update: kernel (CVE-2024-24857)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24857 advisory. - A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001764)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001764 advisory. A race condition was found in the Linux kernel's bluetooth device driver in the {min,max}_key_size_set function. This can result in a null pointer dereference issue, possibly...