Lucene search
K

20 matches found

NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.5CVSS0.00127EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.7AI score0.00127EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53251

CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....

5.5CVSS5.7AI score0.00127EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.5CVSS5.6AI score0.00127EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:3 a.m.10 views

Bluetooth: hci_conn: fix potential UAF in create_big_sync

...

7.8CVSS5.4AI score0.00125EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:17 a.m.13 views

SUSE CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

6.4CVSS5.8AI score0.00125EPSS
Exploits0References12
NVD
NVD
added 2026/05/28 10:16 a.m.11 views

CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS0.00125EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 9:35 a.m.25 views

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.9 views

CVE-2026-46111

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS5.7AI score0.00125EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the potential for reusing memory after the creation of the createbigsync function in the Bluetooth HCI...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.4 views

kernel: Bluetooth: Ignore too large handle values in BIG

A vulnerability was found in the Linux kernel's bluetooth subsystem in the function hcilebigsyncestablishedevt where a lack of proper checks does not validate whether a received connection handle exceeds the maximum allowed value. This could lead to system instability or crashes...

5.5CVSS7.2AI score0.00225EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:28 a.m.6 views

kernel: Bluetooth: HCI: Fix potential null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

5.5CVSS6.8AI score0.0021EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.2 views

kernel: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

A warning was observed in the Linux kernel in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passed by hcilebigsyncestablishedevt, which makes code think it's unset connection...

7.1CVSS7.4AI score0.00226EPSS
Exploits0References5
OSV
OSV
added 2024/07/30 8:15 a.m.1 views

DEBIAN-CVE-2024-42133

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hcilebigsyncestablishedevt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hciconncleanup...

5.5CVSS5.3AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2024/07/30 8:15 a.m.2 views

UBUNTU-CVE-2024-42133

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hcilebigsyncestablishedevt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hciconncleanup...

5.5CVSS5.7AI score0.00225EPSS
Exploits0References16
BDU FSTEC
BDU FSTEC
added 2024/06/14 12:0 a.m.7 views

The vulnerability of the hci_le_big_sync_established_evt() function in the Linux operating system’s Bluetooth kernel implementation allows a attacker to cause a service failure.

The vulnerability of the hcilebigsyncestablishedevt function in the net/bluetooth/hcievent.c module of the Linux operating system’s Bluetooth kernel implementation is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.0021EPSS
Exploits0References11Affected Software3
SUSE CVE
SUSE CVE
added 2024/05/29 2:10 p.m.3 views

SUSE CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

5.5CVSS6.8AI score0.0021EPSS
Exploits0References14
OSV
OSV
added 2024/05/23 7:15 a.m.2 views

DEBIAN-CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

5.5CVSS5.6AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2024/05/23 7:15 a.m.3 views

UBUNTU-CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

5.5CVSS6.5AI score0.0021EPSS
Exploits0References11
Rows per page
Query Builder