1048 matches found
PT-2026-30156
Name of the Vulnerable Software and Affected Versions Linux kernel versions 7.0.0-rc1 through 7.0.0-rc1 Description The Linux kernel contains a use-after-free UAF flaw within the Bluetooth HIDP subsystem. The issue arises from a failure to drop the l2cap conn reference when the user's remove...
PT-2026-30155
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth L2CAP implementation, specifically within the l2cap unregister user function. A race condition occurs because l2cap register user and l2cap...
CVE-2026-28526 BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...
Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences bsc1250887. CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...
Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
...
CVE-2026-23395
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...
Linux Distros Unpatched Vulnerability : CVE-2026-23395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255163. CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in...
SUSE-SU-2026:0961-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255163. - CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in...
CLSA-2026-1773056241 kernel: Fix of 21 CVEs
i40e: fix IRQ freeing in i40evsirequestirqmsix error path CVE-2025-39911 - media: rc: fix races with imondisconnect CVE-2025-39993 - VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify CVE-2025-38102 - partitions: mac: fix handling of bogus partition table CVE-2025-21772 - tracing:...
CLSA-2026-1773048865 kernel: Fix of 53 CVEs
xhci: Remove device endpoints from bandwidth list when freeing the device CVE-2022-50470 - HID: multitouch: Add NULL check in mtinputconfigured CVE-2024-58020 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - fs: writeback: fix use-after-free in markinodedirty...
Oracle Linux 7 : kernel (ELSA-2026-1581)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1581 advisory. - e1000e: fix heap overflow in e1000seteeprom CVE-2025-39898 Orabug: 38904071 - i40e: fix idx validation in config queues msg CVE-2025-39971 Orabug:...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005727)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005727 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling...
RHEL 8 : kernel (RHSA-2026:3360)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3360 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: RDMA/core: Fix KASAN:...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...
Oracle Linux 7 : kernel (ELSA-2026-0755)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0755 advisory. - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 Orabug: 38860426 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705...
kernel security update
3.10.0-1160.119.1.0.17 - scsi: ses: Fix possible descptr out-of-bounds accesses CVE-2023-53675 Orabug: 38860426 - ipv6: Fix out-of-bounds access in ipv6findtlv CVE-2023-53705 Orabug: 38860426 - netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 Orabug: 38860426 - libceph: fix...
CVE-2025-32059
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on th...