197 matches found
usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
...
CVE-2025-38593
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
RHEL 8 : kernel-rt (RHSA-2025:13961)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13961 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
Linux Distros Unpatched Vulnerability : CVE-2024-35978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hcireqsynccomplete In 'hcireqsynccomplete', always free the...
Linux Distros Unpatched Vulnerability : CVE-2023-53046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in...
Linux Distros Unpatched Vulnerability : CVE-2022-50166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in...
Linux Distros Unpatched Vulnerability : CVE-2021-47180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFC: nci: fix memory leak in nciallocatedevice nfcmrvldisconnect fails to free the hcidev field in struct ncidev. Fix this by freeing hcidev in ncifreedevice...
CVE-2025-38128 Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...
kernel: Bluetooth: Fix use after free in hci_send_acl
A vulnerability was found in the Linux kernel's Bluetooth subsystem in the hcidisconnphylinkcompleteevt function. Improper cleanup and reference handling can lead to a connection object, hcon, being freed and then later accessed during a subsequent function call. This issue can lead to a...
Volkswagen MIB3 Infotainment 安全漏洞
Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in the Volkswagen MIB3 Infotainment that stems from a lack of proper validation of user-supplied data in the Bluetooth stack, which could result in an integer overflow when...
SUSE CVE-2022-50166
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...
AZL-70358 CVE-2022-50166 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from queuing only chained jobs when the HCI work queue is empty...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a null pointer dereference in xhci on removal...
PT-2025-28878
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability exists in the vhci flush function within the Bluetooth HCI core of the Linux kernel. The vulnerability occurs when a thread closes a vhci file descriptor...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a slab-use-after-free error in l2capsendcmd. After the hci sync command releases the l2capconn, the hci receive data work queue references the released l2cap Conn when sending data to the upper layer...
kernel: Bluetooth: HCI: Fix potential null-ptr-deref
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
kernel: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...
DEBIAN-CVE-2022-49908
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...
DEBIAN-CVE-2025-21969
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd After the hci sync command releases l2capconn, the hci receive data work queue references the released l2capconn when sending to the upper layer. Add hci dev lock to...