25 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: validate the length of the advertising payload sent via meshsend The meshsend function currently limits the MGMTOPMESHSEND operation based on the total command length. However, it does not verify whether the...
SUSE CVE-2026-43017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: refactoring the malicious adv data check The issue of out-of-bound reads was detected at the end of the while loop involving the numreports loop. This could lead to false positives being recorded in the journal. A...
Linux Distros Unpatched Vulnerability : CVE-2026-43017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the...
CVE-2026-43017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...
EUVD-2026-26616
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...
PT-2026-36434
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth MGMT component where the mesh send function fails to verify that the bytes provided for the flexible adv data array match the embedded adv data len field...
Google will pay $8.25m to settle child data-tracking allegations
Google has settled yet another class-action lawsuit accusing it of collecting children’s data and using it to target them with advertising. The tech giant will pay $8.25 million to address allegations that it tracked data on apps specifically designated for kids. AdMob's mobile data collection Th...
CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...
PT-2025-49427
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s Bluetooth implementation within the parse adv monitor pattern function. The issue involves a potential out-of-bounds access when copying data into the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988948)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988948 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989864)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989864 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986740)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986740 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...
TikTok is misusing kids’ data, says privacy watchdog
A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...
Bluetooth: eir: Fix possible crashes on eir_create_adv_data
...
DEBIAN-CVE-2025-38303
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eircreateadvdata eircreateadvdata may attempt to add EIRFLAGS and EIRTXPOWER without checking if that would fit...
UBUNTU-CVE-2025-38303
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eircreateadvdata eircreateadvdata may attempt to add EIRFLAGS and EIRTXPOWER without checking if that would fit...
CVE-2025-38303
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eircreateadvdata eircreateadvdata may attempt to add EIRFLAGS and EIRTXPOWER without checking if that would fit...
PT-2025-29023
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The eir create adv data function may attempt to add EIR FLAGS and EIR TX POWER without verifying sufficient space, potentially leading to crashes. Recommendations: At the moment, there...
UBUNTU-CVE-2023-53017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix memory leak in hciupdateadvdata When hcicmdsyncqueue failed in hciupdateadvdata, instptr is not freed, which will cause memory leak, convert to use ERRPTR/PTRERR to pass the instance to callback so no memo...