57 matches found
kernel: race condition for removal of the HCI controller
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...
kernel: race condition for removal of the HCI controller
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...
USN-5015-1 linux-oem-5.10 vulnerabilities
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-33909 Michael Brown discovered that the Xen...
Important: kernel-livepatch-4.14.231-173.360
Issue Overview: A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in...
CVE-2020-10066
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions = v1.14.2, = v2.2.0 contain NULL Pointer Dereference CWE-476. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr...
Zephyr 代码问题漏洞
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. Zephyr suffers from a security vulnerability that stems from error handling in the Bluetooth HCI kernel. No detailed vulnerability details are provided at this time...
Zephyr 缓冲区错误漏洞
Zephyr is an open source, small, scalable real-time operating system. A security vulnerability exists in Zephyr versions >= v1.14.2 and >= v2.2.0, which stems from a lack of size checking in Bluetooth HCI on SPI. No details of the vulnerability are available at this time...
CVE-2019-20546
An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 Broadcom Wi-Fi chipsets software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 November 2019...
DEBIAN-CVE-2019-11884
The dohidpsockioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...
CVE-2018-9544
In registerapp of btifhd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Apple MAC OS X Bluetooth HCI Interface Memory Corruption Vulnerability
Apple Mac OS X is a commercial operating system. A memory corruption vulnerability exists in Apple Mac OS X's handling of the Bluetooth HCI interface, which could allow an attacker to run a malicious application to execute arbitrary code...
Motorola Bluetooth Interface Dialog Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17190/info Motorola mobile handsets are prone to a dialog-spoofing vulnerability when accepting Bluetooth communications. An attacker could exploit this issue to trick a user into granting them AT access to the device. Th...
CVE-2006-6860
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information...
CVE-2006-6860
The CVE-2006-6860 entry describes a buffer overflow in MythControl 1.0 (and earlier) in the sendToMythTV function within MythControlServer.c. A crafted sendStr string sent to the Bluetooth interface can allow remote code execution. The vulnerability affects MythControl’s Bluetooth handling (sendT...
CVE-2006-6860
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information...