CVE-2026-53255

A flaw was found in the Linux kernel's Bluetooth Management MGMT component. A remote attacker could exploit this by providing specially crafted advertising data, leading to an out-of-bounds read vulnerability. This occurs because the system incorrectly validates the length of advertising data...

UBUNTU-CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

CVE-2026-53255

CVE-2026-53255 (Linux kernel Bluetooth MGMT TLV parsing) : The vulnerability arises in tlv_data_is_valid() where the advertising data field length is read from data[i] and the parser inspects data[i+1] for EIR types before confirming the field fits in the buffer. A malformed field whose length by...

CVE-2026-53255

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlvdataisvalid reads each advertising data field length from datai, then inspects datai + 1 for managed EIR types before checking that the current field still fits insi...

CVE-2026-53209 Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

EUVD-2026-39300

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: validate the length of the advertising payload sent via meshsend The meshsend function currently limits the MGMTOPMESHSEND operation based on the total command length. However, it does not verify whether the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: refactoring the malicious adv data check The issue of out-of-bound reads was detected at the end of the while loop involving the numreports loop. This could lead to false positives being recorded in the journal. A...

SUSE CVE-2026-43017

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...

Linux Distros Unpatched Vulnerability : CVE-2026-43017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the...

CVE-2026-43017

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...

EUVD-2026-26616

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length meshsend currently bounds MGMTOPMESHSEND by total command length, but it never verifies that the bytes supplied for the flexible advdata array actually match the...

PT-2026-36434

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth MGMT component where the mesh send function fails to verify that the bytes provided for the flexible adv data array match the embedded adv data len field...

Google will pay $8.25m to settle child data-tracking allegations

Google has settled yet another class-action lawsuit accusing it of collecting children’s data and using it to target them with advertising. The tech giant will pay $8.25 million to address allegations that it tracked data on apps specifically designated for kids. AdMob's mobile data collection Th...

CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...

PT-2025-49427

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s Bluetooth implementation within the parse adv monitor pattern function. The issue involves a potential out-of-bounds access when copying data into the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988948)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988948 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989864)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989864 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986740 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at t...

TikTok is misusing kids’ data, says privacy watchdog

A group of privacy commissioners in Canada have accused TikTok of scooping up information about hundreds of thousands of children who shouldn't have been on the platform. The Chinese social media giant is also accused of collecting data on Canadian users without properly explaining what it does...