Lucene search
K

345 matches found

Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

0.00176EPSS
Exploits0References8
CVE
CVE
added 6 days ago6 views

CVE-2026-53208

The CVE concerns the Linux kernel Bluetooth stack (L2CAP) where BR/EDR signaling packets larger than the signaling MTU could be accepted and cause an attacker to trigger multiple ECHO_RSP frames before pairing. Specifically, l2cap_sig_channel() allowed BR/EDR signaling packets up to the channel M...

5.8AI score0.00176EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel...

8.8CVSS5.9AI score0.00146EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: A stack-out-of-bounds read occurred in l2capecredconnreq. Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd, which is triggered by a malformed Enhanced Credit Based Connection Request. The...

8.1CVSS5.4AI score0.00252EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: l2cap: Check the encryption key size during incoming connections. This is required for passing the GAP/SEC/SEM/BI-04-C PTS test case: - Security Mode: 4, Level: 4, Responder: Invalid Encryption Key Size - Key Size:...

8.1CVSS5.8AI score0.00091EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Handling of NULL sock pointer in l2capsockalloc A NULL sock pointer is passed into l2capsockalloc when it is called from l2capsocknewconnectioncb. Error handling mechanisms should also take this into account. A...

5.5CVSS6.3AI score0.00189EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed “use-after-free” issue This involves using l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following error: Bluetooth: l2capcore.c: static void l2capchandestroystruct krefkref...

8CVSS6.5AI score0.0033EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed null-ptr-deref in l2capsockresumecb. syzbot reported null-ptr-deref in l2capsockresumecb. 0 l2capsockresumecb has a similar issue that was fixed in commit 1bff51ea59a9 “Bluetooth: fixed use-after-free errors i...

5.5CVSS6.4AI score0.00156EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.8 views

CVE-2026-5068

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

7.6CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 12:45 p.m.15 views

CVE-2026-45836

A flaw was found in the Linux kernel's Bluetooth L2CAP subsystem. This vulnerability, a null-pointer dereference, occurs due to a missing NULL guard in the l2capsockgetsndtimeocb function. A local attacker could exploit this flaw to trigger a system crash, leading to a Denial of Service DoS...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/27 12:45 p.m.13 views

CVE-2026-45834

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. A missing null pointer guard in the l2capsockstatechangecb function can lead to a null pointer dereference. This vulnerability could allow an attacker to cause a system crash,...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 2:47 a.m.14 views

SUSE CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.14 views

CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.8AI score0.00123EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.12 views

CVE-2026-45836

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.7AI score0.00122EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 5:16 p.m.5 views

UBUNTU-CVE-2026-45834

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:14 p.m.8 views

CVE-2026-45836

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.8AI score0.00122EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/26 4:14 p.m.23 views

CVE-2026-45836

The CVE-2026-45836 vulnerability affects the Linux kernel Bluetooth L2CAP code and stems from a missing NULL guard in l2cap_sock_get_sndtimeo_cb(), which can cause a null pointer dereference. The issue is resolved by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_s...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:14 p.m.40 views

CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of null pointer checking in the l2capsockgetsndtimeocb function within the Bluetooth L2CAP...

5.8AI score0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 1:21 p.m.8 views

OESA-2026-2419 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4...

9.1CVSS5.9AI score0.00537EPSS
Exploits0References6
Rows per page
Query Builder