Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a memory leak in hciupdateadvdata. When hcicmdsyncqueue fails in hciupdateadvdata, the instptr is not freed, which can lead to a memory leak. To address this issue, ERRPTR/PTRERR was used instead of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed memory leaks When hcicmdsyncqueue fails in hcileterminatebig or hcilebigterminate, the memory pointed to by the variable d is not freed, which can lead to memory leaks. A release mechanism should be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a race condition in hcicmdsyncclear. There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, which could lead to use-after-free issues. For example, hcicmdsyncwork is added to the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: rejecting malformed HCICMDSYNC commands In mgmthcicmdsync, check whether the size of the parameters passed in struct mgmtcphcicmdsync matches the total size of the data i.e., sizeofstruct mgmtcphcicmdsync plus th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fixed a null pointer dereference in btintelreadversion. If hcicmdsyncComplete is triggered and skb is NULL, then hdev-reqskb will also be NULL, which will cause this issue...

CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...

SUSE CVE-2025-40318

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete the same entry, leading to double listd...

SUSE CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

UBUNTU-CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from Bluetooth MGMT not validating the length of the HCICMDSYNC parameter, which could result in an out-of-bounds...

SUSE CVE-2023-53046

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, and could lead to use-after-free. For instance, hcicmdsyncwork is added to the 'reqworkqueue' after...

UBUNTU-CVE-2023-53046

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, and could lead to use-after-free. For instance, hcicmdsyncwork is added to the 'reqworkqueue' after...

DEBIAN-CVE-2024-53207

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hcicmdsyncdequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G ...

SUSE CVE-2024-50255

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hcireadsupportedcodecs Fix hcicmdsyncsk to return not NULL for unknown opcodes. hcicmdsyncsk returns NULL if a command returns a status event. However, it also returns NULL where an opcode...

kernel: Bluetooth: Fix race condition in hci_cmd_sync_clear

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, and could lead to use-after-free. For instance, hcicmdsyncwork is added to the 'reqworkqueue' after...