6 matches found
CVE-2026-9263
The CVE-2026-9263 issue affects Zephyr’s Bluetooth controller ISO Adaptation Layer (ISOAL). It stems from insufficient validation of framed ISO PDU start segments: start segments with sc=0 are required to have a len of at least 3 (PDU_ISO_SEG_TIMEOFFSET_SIZE), but isoal_check_seg_header() accepte...
UBUNTU-CVE-2026-10658
A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...
CVE-2026-10658
CVE-2026-10658 affects Zephyr’s Bluetooth Host ISO RX path, specifically bt_iso_recv() in subsys/bluetooth/host/iso.c. The vulnerability arises from missing minimum length checks for SDU headers when processing PB=START/SINGLE, allowing a malformed HCI ISO payload to bypass the inner header lengt...
SUSE CVE-2021-39926
Buffer overflow in the Bluetooth HCIISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file...
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
...
AZL-7414 CVE-2021-39926 affecting package wireshark for versions less than 3.4.14-1
Buffer overflow in the Bluetooth HCIISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file...