57 matches found
kernel: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect...
CVE-2025-3496
An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface...
CVE-2025-3496 AUMA Riester: Buffer overflow in service telegram
An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface...
CVE-2025-3496
CVE-2025-3496 describes an unauthenticated remote buffer overflow affecting AUMA devices (AC1.2, MEC, PROFOX, SGx/SVx, TIGRON, TIGRON SIL) that can trigger unexpected behavior or DoS via Bluetooth or RS-232. Root cause is a buffer copy without proper size checking (classic buffer overflow). Publi...
CVE-2025-21827
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Add locks for usbdriverclaiminterface The documentation for usbdriverclaiminterface says that "the device lock" is needed when the function is called from places other than probe. This appears to be th...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In hci, fix for null-ptr-deref in hcireadsupportedcodecs. Fix hcicmdsyncsk to return not NULL for unknown opcodes. hcicmdsyncsk returns NULL if a command returns a status event. However, it also returns NULL when an...
CVE-2024-56757
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a special USB interrupt interface for MediaTek in the btusb driver for Bluetooth modules that needs to be...
PT-2024-10677 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth affected versions not specified Description: The issue is related to a possible out of bounds write in the handle notification response function of btif rc.cc due to a missing bounds check. This could lead to remote code execution...
Firewalla 安全漏洞
Firewalla is a driver from Firewalla Inc. A security vulnerability exists in Firewalla versions prior to 1.979 that stems from the presence of multiple authenticated operating system command injection vulnerabilities. An attacker authenticated with the Bluetooth Low Power Interface can use the...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the Bluetooth:HCI module removing HCIAMP support...
SUSE CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
USN-6465-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...
CLSA-2023-1698247974 Fix of 6 CVEs
CVE-2023-42752 // CVE-url: https://ubuntu.com/security/CVE-2023-42752 - igmp: limit igmpv3newpack packet size to IPMAXMTU CVE-2023-4623 // CVE-url: https://ubuntu.com/security/CVE-2023-4623 - net/sched: schhfsc: Ensure inner classes have fsc curve CVE-2023-34319 // CVE-url:...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a buffer overflow vulnerability that stems from a lack of bounds checking in the registernotificationrsp component of btifrc.cc, which can be exploited by an attacker to cause an out-of-bounds re...
Google Pixel 缓冲区错误漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a buffer overflow vulnerability that originates from a boundary error in processing data in btmbleprocessperiodicadvsynclostevt in blescannerhciinterface.cc, which can be exploited by an attacker to...
SUSE CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...
CVE-2022-20057
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186...
MediaTek 多款产品安全漏洞
MediaTek Mt Series is a series of smartphone chips from China's MediaTek Corporation MediaTek. A security vulnerability exists in several MediaTek products, which stems from incorrect error handling in btif and may result in memory corruption. The following products and versions are affected:...
The vulnerability of the Bluetooth HCI_ISO service of the Wireshark network traffic analyzer allows a hacker to cause a service failure.
The vulnerability of the Bluetooth HCIISO traffic analyzer service in Wireshark is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to cause a service failure by injecting specially created packets...