50 matches found
CVE-2023-23002
In the Linux kernel before 5.16.3, drivers/bluetooth/hciqca.c misinterprets the devmgpiodgetindexoptional return value expects it to be NULL in the error case, whereas it is actually an error pointer...
PT-2025-18627
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.8 Description A use-after-free condition has been identified in the Linux kernel's Bluetooth L2CAP implementation. This issue arises from a race condition between two parallel flows: l2cap reassemble sdu and...
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
UBUNTU-CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to...
SUSE: Security Advisory (SUSE-SU-2017:2523-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: net: bluetooth: type confusion while processing AMP packets
A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP Logical Link Control and Adaptation Protocol packets with A2MP Alternate MAC-PHY Manager Protocol CID Channel Identifier. This flaw allows a remote attacker in an adjacent range to crash the system, causing a...
kernel: net: bluetooth: information leak when processing certain AMP packets
An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP Alternate MAC-PHY Manager Protocol packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory o...
CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...
kernel: stack buffer overflow in the native Bluetooth stack
A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel CONFIGCCSTACKPROTECTOR=y, which is enabled on all architectures other tha...
UBUNTU-CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel BlueZ, starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space...