20 matches found
CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
CVE-2026-53251
CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....
CVE-2026-53251
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...
Bluetooth: hci_conn: fix potential UAF in create_big_sync
...
SUSE CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
UBUNTU-CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
CVE-2026-46111
The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...
CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the potential for reusing memory after the creation of the createbigsync function in the Bluetooth HCI...
kernel: Bluetooth: Ignore too large handle values in BIG
A vulnerability was found in the Linux kernel's bluetooth subsystem in the function hcilebigsyncestablishedevt where a lack of proper checks does not validate whether a received connection handle exceeds the maximum allowed value. This could lead to system instability or crashes...
kernel: Bluetooth: HCI: Fix potential null-ptr-deref
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
kernel: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
A warning was observed in the Linux kernel in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passed by hcilebigsyncestablishedevt, which makes code think it's unset connection...
DEBIAN-CVE-2024-42133
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hcilebigsyncestablishedevt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hciconncleanup...
UBUNTU-CVE-2024-42133
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hcilebigsyncestablishedevt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hciconncleanup...
The vulnerability of the hci_le_big_sync_established_evt() function in the Linux operating system’s Bluetooth kernel implementation allows a attacker to cause a service failure.
The vulnerability of the hcilebigsyncestablishedevt function in the net/bluetooth/hcievent.c module of the Linux operating system’s Bluetooth kernel implementation is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
DEBIAN-CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...
UBUNTU-CVE-2024-36011
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...