Lucene search
K

1517 matches found

SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.16 views

SUSE CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 7:42 p.m.12 views

CVE-2026-46138

A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the hcilecreatebigcompleteevt function. A remote attacker, by sending a specially crafted LECreateBIGComplete event from a malicious Bluetooth controller, could trigger an out-of-bounds read and an infinite loop. This...

8.1CVSS5.8AI score0.00277EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:16 a.m.14 views

CVE-2026-46138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

8.1CVSS0.00277EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 10:16 a.m.11 views

CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS0.00125EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.9 views

CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.7AI score0.00123EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/28 9:36 a.m.13 views

EUVD-2026-32813

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

5.7AI score0.00123EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

0.00123EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 9:35 a.m.28 views

CVE-2026-46138

The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i

8.1CVSS5.7AI score0.00277EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.35 views

CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

8.1CVSS0.00277EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.12 views

CVE-2026-46138

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

8.1CVSS5.7AI score0.00277EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.35 views

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS0.00125EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:10 a.m.9 views

Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

...

8.8CVSS5.4AI score0.00262EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.13 views

SUSE CVE-2026-46056

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...

5.5CVSS5.8AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44309

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The virtbt rx handle function in the Bluetooth virtio bt driver fails to validate that the remaining payload length is sufficient to cover the fixed HCI header for the selected packet ty...

9.8CVSS5.9AI score0.03663EPSS
Exploits15References283
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from out-of-bounds read accesses and infinite loops in the hcilecreatebigcompleteevt function. This...

8.1CVSS5.8AI score0.00277EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Bluetooth component. The create big complete function unconditionally dereferences the...

7.8CVSS6AI score0.00125EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the virtiobt driver. In this driver, the virtbtrxhandle function does not check whether the...

5.9AI score0.00123EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/27 7:7 p.m.14 views

CVE-2026-46056

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

8.8CVSS6AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder