854 matches found
OESA-2023-1948 bluez security update
This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A. Security Fixes: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and...
Slackware Linux 15.0 / current bluez Vulnerability (SSA:2023-348-01)
The version of bluez installed on the remote host is prior to 5.71. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-348-01 advisory. - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connectio...
Relyum RELY-PCIe, RELY-REC Security Vulnerabilities
The Relyum RELY-PCIe is an intelligent pluggable board from the Spanish company Relyum. A security vulnerability exists in Relyum RELY-PCIe version 22.2.1, RELY-REC version 23.1.0, which originates from not checking the current password, which could result in the password being changed...
AZL-32161 CVE-2023-45866 affecting package bluez for versions less than 5.63-5
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...
CVE-2023-45866
CVE-2023-45866 affects BlueZ Bluetooth HID Hosts. The description states that an unauthenticated Peripheral role HID Device could initiate, establish an encrypted connection, and send HID keyboard reports, potentially injecting HID messages when there is no user interaction in the Central role to...
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...
Fedora 39 : bluez (2023-6a3fe615d3)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6a3fe615d3 advisory. Install default input.conf/network.conf Add mitigation for CVE-2023-45866 Tenable has extracted the preceding description block directly from the Fedora...
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...
kernel: EDAC/i10nm: fix refcount leak in pci_get_dev_wrapper()
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: fix refcount leak in pcigetdevwrapper As the comment of pcigetdomainbusandslot says, it returns a PCI device with refcount incremented, so it doesn't need to call an extra pcidevget in pcigetdevwrapper, and the PCI...
CVE-2023-20521
TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service...
PT-2023-12738 · Unknown +1 · System Management Mode +1
Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to write to SPI ROM, potentially leading to arbitrary code...
AMD System Management Mode Security Vulnerability
AMD System Management Mode is a system management mode from Ultraviolet Semiconductor AMD. A CPU execution mode. A security vulnerability exists in AMD System Management Mode that stems from improper access control in System Management Mode SMM that could allow an attacker to write to the SPI ROM...
PT-2024-14722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel where a synchronous transfer can be active during a system suspend, causing a null pointer dereference exception when the system resumes. This...
kernel: PCI: Fix use-after-free in pci_bus_release_domain_nr()
A use-after-free exists in the linux kernel such that The kernel frees the struct pcibus in pciremovebus via releasepcibusdev. After the structure is freed, a callback pcibusreleasedomainnr accesses that freed memory, leading to damage to system availability...
kernel: iommu/amd: Fix pci device refcount leak in ppr_notifier()
A reference counting violation was found in the Linux kernel's AMD IOMMU PPR Peripheral Page Request notification handler. When the handler looks up PCI devices using pcigetdomainbusandslot, it receives a reference-counted device pointer but never releases that reference before returning. This...
kernel: Linux kernel: Denial of Service due to PCI device reference count leak
A flaw was found in the Linux kernel. A local low-privileged user could exploit a reference count leak in the drm/amdgpu component. This vulnerability, related to how PCI Peripheral Component Interconnect devices are managed, could lead to a Denial of Service DoS by exhausting system resources...
kernel: PCI: Fix dropping valid root bus resources with .end = zero
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix dropping valid root bus resources with .end = zero On r8a7791/koelsch: kmemleak: 1 new suspected memory leaks see /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak unreferenced object 0xc3a34e00 size 64: comm...
The vulnerability in the interface for connecting peripheral devices via USB browsers like Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the interface for connecting peripheral devices via USB in Google Chrome browsers is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
PT-2023-8495 · Xen +3 · Xen +3
Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the functionality of phantom functions in PCI devices, which can generate requests using the IDs of unpopulated functions, allowing a device to extend the number of...