Lucene search
K

1035 matches found

SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.8 views

SUSE CVE-2026-31498

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...

6.5CVSS5.6AI score0.00123EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.8 views

SUSE CVE-2026-31499

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.3CVSS5.6AI score0.00094EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.7 views

SUSE CVE-2026-31510

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

5.6AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.7 views

SUSE CVE-2026-31513

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

5.8AI score0.00252EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/22 8:3 p.m.8 views

CVE-2026-31512

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol component. The l2capecreddatarcv function fails to validate the incoming data packet unit PDU length before attempting to read the Service Data Unit SDU length. This oversight allows an attacker to...

5.7CVSS5.2AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 7:54 p.m.7 views

CVE-2026-31510

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol module. This vulnerability, a null pointer dereference, occurs in the l2capsockreadycb function because it fails to validate if a pointer is null before attempting to use it. An attacker within...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 7:35 p.m.5 views

CVE-2026-31499

A flaw was found in the Linux kernel's Bluetooth L2CAP component. A deadlock can occur in the l2capconndel function when canceling delayed work, specifically infotimer and idaddrtimer. This happens because l2capconndel holds a lock while attempting to cancel work functions that also acquire the...

5.5CVSS5.2AI score0.00094EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24872

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...

5.6AI score0.00123EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24897

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

5.8AI score0.00252EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 2:16 p.m.7 views

CVE-2026-31510

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

5.5CVSS0.00123EPSS
Exploits0References8
NVD
NVD
added 2026/04/22 2:16 p.m.5 views

CVE-2026-31512

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

5.5CVSS0.00123EPSS
Exploits0References8
NVD
NVD
added 2026/04/22 2:16 p.m.7 views

CVE-2026-31513

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

8.1CVSS0.00252EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 2:16 p.m.5 views

CVE-2026-31499

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.5CVSS0.00094EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/22 1:54 p.m.10 views

CVE-2026-31513

Summary: CVE-2026-31513 affects the Linux kernel Bluetooth L2CAP code. A stack-out-of-bounds read occurs in l2cap_ecred_conn_req when handling a malformed Enhanced Credit Based Connection Request with more SCIDs than allowed. The bug arises from computing rsp_len before validating the number of S...

8.1CVSS5.8AI score0.00252EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.31 views

CVE-2026-31513 Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

8.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/04/22 1:54 p.m.21 views

CVE-2026-31510

CVE-2026-31510: Linux kernel Bluetooth L2CAP vulnerability due to a null pointer dereference in l2cap_sock_ready_cb. The issue arises because sk is used without verifying it’s non-null, leading to a kernel panic/DoS. Multiple OS advisories (Debian roots, Ubuntu, Red Hat, SUSE, etc.) report the pa...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.34 views

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...

0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:54 p.m.4 views

CVE-2026-31499

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.5CVSS5.7AI score0.00094EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/22 1:54 p.m.30 views

CVE-2026-31499

CVE-2026-31499 affects the Linux kernel Bluetooth L2CAP code. The vulnerability stems from l2cap_conn_del() canceling delayed work (info_timer and id_addr_timer) while holding conn->lock, while the corresponding work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()) also acquire...

5.5CVSS5.6AI score0.00094EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder