1729 matches found
CVE-2026-53357
A flaw was found in the Linux kernel's Bluetooth component. A Use-After-Free UAF vulnerability exists in the l2capsockcleanuplisten and l2capconndel functions. This flaw occurs due to a race condition during the cleanup of a listening socket and a concurrent Bluetooth HCI disconnect. An...
CVE-2026-53357
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...
EUVD-2026-40565
Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Medium...
DEBIAN-CVE-2026-13785
Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-13879
CVE-2026-13879 : Use-after-free in Bluetooth handling in Google Chrome (Chromium) prior to 150.0.7871.47. The issue allows an attacker on the local network segment to potentially read sensitive data from a process’s memory via a malicious Bluetooth peripheral. Affected component is Bluetooth code...
CVE-2026-13785
CVE-2026-13785 is a use-after-free in Bluetooth handling in Google Chrome on macOS, affected before version 150.0.7871.47. A remote attacker could harness crafted HTML and force a user to perform specific UI gestures to potentially escape the Chrome sandbox. The issue is documented across multipl...
PT-2026-54062
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use-after-free issue exists in the Bluetooth component of Google Chrome on macOS. A remote attacker can exploit this by convincing a user to visit a crafted HTML page and perform...
PT-2026-54307
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description A use after free issue exists in the Bluetooth component. This occurs when a user is convinced to install a malicious extension, allowing an attacker to execute arbitrary code vi...
Linux Distros Unpatched Vulnerability : CVE-2026-53208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU a...
Linux Distros Unpatched Vulnerability : CVE-2026-53256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener aft...
Chromium: CVE-2026-13035 Use after free in Bluetooth
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-53254
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...
Exploit for Improper Authentication in Google Android
BlueDucky Ver 2.1 Android 🦆 Thanks to all the people at Hac...
UBUNTU-CVE-2026-53253
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...
CVE-2026-53251
CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....
CVE-2026-13035
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: High...
DEBIAN-CVE-2026-13035
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: High...
CVE-2026-13035
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: High...
CVE-2026-13035
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: A missing check for the encryption key size was fixed in the L2CAPLEConnREQ. This addition ensures that the encryption key size is checked upon receiving the L2CAPLEConnREQ, which is required by...