1840 matches found
CVE-2026-5589
An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...
CVE-2026-5589
An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...
EUVD-2026-34322
An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...
CVE-2026-5589 Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.
An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...
CVE-2026-5589
The CVE affects Zephyr’s Bluetooth Mesh subsystem, specifically bt_mesh_sol_recv() in subsys/bluetooth/mesh/solicitation.c. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the AD parsing loop reads a length byte (reported_len) and computes reported_len - 3 without ensuring reported_len >= 3....
PT-2026-46319
An integer underflow in bt mesh sol recv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIG BT MESH OD PRIV PROXY SRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop...
SUSE CVE-2026-46206
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...
SUSE CVE-2026-46208
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
Linux Distros Unpatched Vulnerability : CVE-2026-46208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When th...
CVE-2026-46206
A flaw was found in the Linux kernel's batman-adv module, specifically in the tpmeter component. This vulnerability allows tpmeter to initiate new sender or receiver sessions even after the mesh state has exited BATADVMESHACTIVE. This improper state management could lead to unexpected behavior or...
CVE-2026-46208
A flaw was found in the Linux kernel's batman-adv module. When a mesh interface is removed, the batadvmeshfree function does not properly stop tpmeter sessions. This oversight allows active tpmeter sender threads or late incoming packets to continue processing against a mesh instance that is in t...
CVE-2026-45021
Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...
CVE-2026-46208
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
CVE-2026-46206
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...
UBUNTU-CVE-2026-46206
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...
UBUNTU-CVE-2026-46208
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
CVE-2026-46208
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
CVE-2026-46208
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
CVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardown
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...
CVE-2026-46208
In the Linux kernel, batman-adv has a vulnerability where tp_meter sessions are not stopped during mesh teardown in batadv_mesh_free(). This allows a running sender thread or late tp_meter packets to keep operating against a mesh instance that is shutting down, potentially causing system instabil...