PT-2025-28878

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability exists in the vhci flush function within the Bluetooth HCI core of the Linux kernel. The vulnerability occurs when a thread closes a vhci file descriptor...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a slab-use-after-free error in l2capsendcmd. After the hci sync command releases the l2capconn, the hci receive data work queue references the released l2cap Conn when sending data to the upper layer...

CVE-2022-3746

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller EC interface...

kernel: Bluetooth: HCI: Fix potential null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

kernel: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

DEBIAN-CVE-2022-49908

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...

The vulnerability of the nci_close_device() function in the net/nfc/nci/core.c module, which is part of the NFC NCI support for Linux operating systems, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the nciclosedevice function in the net/nfc/nci/core.c module, which supports NFC NCI implementations in Linux operating systems, is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality...

DEBIAN-CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

CVE-2025-21969 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...

SUSE CVE-2023-53018

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix memory leaks When hcicmdsyncqueue failed in hcileterminatebig or hcilebigterminate, the memory pointed by variable d is not freed, which will cause memory leak. Add release process to error path...

DEBIAN-CVE-2023-53018

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix memory leaks When hcicmdsyncqueue failed in hcileterminatebig or hcilebigterminate, the memory pointed by variable d is not freed, which will cause memory leak. Add release process to error path...

The vulnerability of the xhci kernel component in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the xhci core in the Linux operating system is related to incorrect validation of input data in the tegraxusbenterelpg function in drivers/usb/host/xhci-tegra.c. Exploiting this vulnerability can allow an attacker to cause a service failure...

usb: xhci: Fix NULL pointer dereference on certain command aborts

...

The vulnerability of the HCI interface of Espressif ESP32 microcontroller software allows attackers to circumvent existing security restrictions.

The vulnerability of the HCI interface in Espressif ESP32 microcontroller software lies in the presence of undocumented configuration commands. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

Espressif ESP32 安全漏洞

Espressif ESP32 is a microcontroller from China Loxin Espressif. A security vulnerability exists in the Espressif ESP32 that stems from hidden HCI commands that may result in memory writes...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error CVE-2024-41098 In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proccpusetshow CVE-2024-43853 In the Linux...

Linux Distros Unpatched Vulnerability : CVE-2021-4202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in ncirequest in net/nfc/nci/core.c in NFC Controller Interface NCI in the Linux kernel. This flaw could allow a local attacker...

SUSE CVE-2022-49059

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flushworkqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed mechanism timer and...

SUSE CVE-2022-49139

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hcisyncconncompleteevt This event is just specified for SCO and eSCO link types. On the reception of a HCISynchronousConnectionComplete for a BDADDR of an existing LE connection, LE link type and ...

UBUNTU-CVE-2022-49470

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: fix use-after-free at btmtksdiorecvevent We should not access skb buffer data anymore after hcirecvframe was called. 39.634809 BUG: KASAN: use-after-free in btmtksdiorecvevent+0x1b0 39.634855 Read of size 1 ...