CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fixed a potential issue after the “user-after-free” operation. This fix addresses all cases where allocating a buffer using allocskb might release the “chan lock”, and reacquiring it later could result in the...

6AI score0.00177EPSS

Exploits0References1

AstraLinux•added 6 days ago•3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: ISO: Fixed a issue where user input was not validated using setsockopt. The length of user input was checked before data was copied...

7.1CVSS6.5AI score0.0025EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: syncsock recvcb and release operations. The issue occurs between the system call to close the socket sockclose and the execution of hcirxwork. In this process, hcirxwork releases the socket, but hcirxwork also...

5.5CVSS6.3AI score0.00212EPSS

AstraLinux•added 6 days ago•4 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in the Linux kernel through version 6.0.10. In the l2capconfigreq function within net/bluetooth/l2capcore.c, there is an integer wraparound occurring when processing L2CAPCONFREQ packets...

7.8CVSS6.4AI score0.00753EPSS

Vulnrichment•added 2026/06/09 6:20 a.m.•8 views

CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

7.6CVSS5.5AI score0.00166EPSS

Exploits0References1

Positive Technologies•added 2026/06/09 12:0 a.m.•10 views

PT-2026-47704

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chan ops.alloc buf and the chosen RX pool has a user data size smaller than 2 bytes, the segmentation counter stored ...

7.6CVSS5.5AI score0.00166EPSS

Microsoft CVE•added 2026/05/28 8:5 a.m.•5 views

Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()

...

5.5CVSS5.4AI score0.00176EPSS

Exploits0

RedhatCVE•added 2026/05/27 12:45 p.m.•9 views

CVE-2026-45835

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol component. A missing null pointer check in the l2capsocknewconnectioncb function could allow a remote attacker to trigger a null-pointer dereference. This vulnerability can lead to a system crash,...

5.5CVSS5.8AI score0.00177EPSS

Exploits0References4

SUSE CVE•added 2026/05/27 2:47 a.m.•8 views

SUSE CVE-2026-45836

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS5.8AI score0.00176EPSS

Exploits0References3

NVD•added 2026/05/26 5:16 p.m.•11 views

CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

0.00177EPSS

UbuntuCve•added 2026/05/26 5:16 p.m.•6 views

CVE-2026-45834

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

Cvelist•added 2026/05/26 4:14 p.m.•39 views

Exploits0References7

CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()

0.00177EPSS

CVE•added 2026/05/26 4:14 p.m.•21 views

CVE-2026-45835

In the Linux kernel, the Bluetooth L2CAP subsystem was vulnerable to a null-pointer dereference in l2cap_sock_new_connection_cb(). The issue was mitigated by adding the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(), aligning the code with existing guards. Aff...

EUVD•added 2026/05/26 4:14 p.m.•12 views

EUVD-2026-31857

ATTACKERKB•added 2026/05/26 4:14 p.m.•5 views

CVE-2026-45835

Exploits0References6Affected Software1

EUVD•added 2026/05/26 4:14 p.m.•10 views

EUVD-2026-31856

Positive Technologies•added 2026/05/26 12:0 a.m.•10 views

PT-2026-43303

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference occurs in the Bluetooth L2CAP component within the l2cap sock new connection cb function. A null pointer dereference is a runtime error that happens when a...

9.8CVSS5.9AI score0.00513EPSS

Exploits4References452

CNNVD•added 2026/05/26 12:0 a.m.•7 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of null pointer checking in the l2capsocknewconnectioncb function within the Bluetooth L2CAP...

CNNVD•added 2026/05/26 12:0 a.m.•8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a lack of null pointer checking in the l2capsockstatechangecb function within the Bluetooth L2CAP...