Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a slab-use-after-free error in l2capsendcmd. After the hci sync command releases the l2capconn, the hci receive data work queue references the released l2cap Conn when sending data to the upper layer...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Use hdev-workqueue when scheduling hdev-cmd,ncmdtimer works. syzbot reports that an attempt is made to schedule hdev-cmdwork from systemwq to hdev-workqueue WQ, which is currently in a draining operation 1. Commit...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xHCI: Corruption of the command ring pointer occurred during command aborts. The command ring pointer is located at bits 6:63 of the command ring control register CRCR. All control bits, such as those related to command stopping...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race The function sgremovesfpusercontext must not use sgdeviceDestroy after calling scsidevicePut. sgdeviceDestroy accesses the parent scsidevice request queue, which will already be set to NULL...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: lookup hciconn on the RX path at the protocol level The hdev lock/lookup/unlock/use pattern in the packet RX path does not ensure that hciconn is not concurrently modified/deleted. This locking mechanism seems...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFC: nci: uart: Set tty-discdata only in the successful path. Setting tty-discdata before opening the NCI device means that we need to clean up the state in error paths. This also opens a short window during operation—if the devi...

CVE-2026-31771

A flaw was found in the Linux kernel's Bluetooth subsystem. A remote attacker could exploit a missing bounds check by sending a specially crafted, short Bluetooth Host Controller Interface HCI event frame. This could lead to a buffer overflow, potentially allowing the attacker to cause a denial o...

CVE-2026-43018

A flaw was found in the Linux kernel's Bluetooth component. This Use-After-Free UAF vulnerability arises from insufficient locking during hciconn lookup and access within the hcileremoteconnparamreqevt function. An attacker could potentially exploit this to cause a system crash or execute arbitra...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from hcicmdsyncqueueonce in Bluetooth hcisync does not correctly indicate if a queue item already exists, which...

PT-2026-36407

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix stack buffer overflow in hci le big create sync hci le big create sync uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with room for 0x11 17 BIS entries. However, conn-num bis...

PT-2026-36406

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where hci store wake reason is called within hci event packet before the per-event minimum payload length is enforced by hci event func. This...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the hcileremoteconnparamreqevt function in Bluetooth hcievent not locking the hciconn, which could lead to...

EUVD-2026-24876

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintelhwerror with hcireqsynclock btintelhwerror issues two hcicmdsync calls HCIOPRESET and Intel exception-info retrieval without holding hcireqsynclock. This lets it race against hcidevdoclose -...

PT-2026-34405

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Bluetooth component where the btintel hw error function issues synchronous HCI commands without holding the hci req sync lock lock. This allows it to race...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010800 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the...

EUVD-2026-15287

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...

CVE-2026-23330

A flaw was found in the Linux kernel's Near Field Communication NFC Controller Interface NCI subsystem. When an NFC device is closed, the nciclosedevice function may not properly complete pending data exchanges. This can lead to a resource leak, where unreferenced socket objects consume system...

CVE-2026-23330

Summary: CVE-2026-23330 affects the Linux kernel NFC/NCI subsystem. The issue arises in nci_close_device() where pending data exchanges may not be completed before closing, allowing a leaking unreferenced socket object (example: 0xff1100000f435000, size 2048) and associated references. This could...