460 matches found
CVE-2025-35003
Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack HCI and UART components that may result in system crash, denial of service, or arbitrary code execution, after receiving...
CVE-2025-35003
CVE-2025-35003 covers a buffer overflow in Apache NuttX’s Bluetooth Stack (HCI and UART components). The issue arises from improper restriction in memory buffers, potentially enabling system crash, denial of service, or arbitrary code execution after receiving crafted packets. Affected software: ...
CVE-2024-0240
A memory leak in the Silicon Labs Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop...
CVE-2023-20988
In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-20224
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-11141
Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
CVE-2025-3885
CVE-2025-3885 affects Harman Becker MGU21 devices with the BCM89359 Bluetooth stack. The root cause is improper validation of Bluetooth frames, enabling network-adjacent attackers to trigger a denial-of-service condition without authentication. Documentation notes the vulnerability is tied to the...
(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The iss...
PT-2025-38567
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free vulnerability exists in the Bluetooth stack, specifically within the l2cap_sock_cleanup_listen function. The issue arises from a race condition where a socket can be fre...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking...
CLSA-2025-1742319829 Fix of 27 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-52522 - net: fix possible store tearing in neigh_periodic_work; CVE-url: https://ubuntu.com/security/CVE-2024-40911 - wifi: cfg80211: Lock wiphy in cfg80211_get_station; CVE-url: https://ubuntu.com/security/CVE-2024-43863 - drm/vmwgfx: Fix a deadlock in dma...
CVE-2025-20649
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue I...
Linux Distros Unpatched Vulnerability : CVE-2017-1000251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack...
CVE-2025-20649
In Bluetooth Stack SW, a missing permission check enables information disclosure from adjacent/remote sources without requiring user interaction. Exposed component, root cause and impact are described in CVE-2025-20649 with a patch: WCNCR00396437 (Issue MSV-2184). The CVSS data indicates an adjac...
SUSE CVE-2022-49470
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event(). We should not access skb buffer data anymore after hci_recv_frame was called. [ 39.634809] BUG: KASAN: use-after-free in btmtksdio_recv_event+0x1b0 [ 39.634855] Read of size 1 ...
CVE-2024-33454
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component...