366 matches found
CVE-2026-23671
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally...
Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-23750
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...
kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...
kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...
kernel: Linux kernel (CIFS): Use-after-free vulnerability allows data integrity compromise and denial of service
A flaw was found in the Linux kernel's Common Internet File System CIFS component. This use-after-free vulnerability occurs due to improper handling of server hostname information during connection re-establishment. An attacker on an adjacent network could exploit this, potentially leading to a...
kernel: Linux kernel (CIFS): Use-after-free vulnerability allows data integrity compromise and denial of service
A flaw was found in the Linux kernel's Common Internet File System CIFS component. This use-after-free vulnerability occurs due to improper handling of server hostname information during connection re-establishment. An attacker on an adjacent network could exploit this, potentially leading to a...
ROS-20260129-73-0012
A vulnerability in the Audio Profile AVRCP component of the Bluetooth protocol stack for Linux BlueZ is related to reading outside the valid range. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...
kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...
Azure Linux 3.0 Security Update: kernel (CVE-2024-36968)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36968 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in...
Azure Linux 3.0 Security Update: kernel (CVE-2024-49950)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49950 advisory. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2capconnec...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003203)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003203 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002680)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002680 advisory. The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000217)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000217 advisory. A heap address information leak while using L2CAPGETCONFOPT was discovered in the Linux kernel before 5.1-rc1. Tenable has extracted the preceding description block...
PT-2026-8141
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth implementation of the Linux kernel related to a null pointer dereference within the hci uart write work function. The issue arises from a race condition...
CVE-2023-54214
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...
SUSE CVE-2023-54214
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992802)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992802 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2caplecommandrej. Tenable h...
CVE-2023-54214
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...