79 matches found
CVE-2026-9263 Out-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packets
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
...
PT-2026-36439
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where the hci cmd sync queue once function fails to indicate whether a queue item was added. This prevents the caller from knowing if callbacks...
EUVD-2026-1849
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...
CVE-2025-53477
CVE-2025-53477 is a NULL pointer dereference vulnerability in Apache NimBLE (NimBLE host HCI layer). The issue stems from missing validation of HCI connection complete or HCI command TX buffers, which can lead to a NULL pointer dereference when combined with disabled asserts and a malfunctioning ...
CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability
ESF-IDF is the Espressif Internet of Things IOT Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address AA of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly...
CVE-2025-47370
Technical details, affected product/versions, root cause, and fixes for CVE-2025-47370 are not publicly provided in the supplied documents. Monitor for updates from vendors/security bulletins.
CVE-2025-47370 Reachable Assertion in BT Controller
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan...
CVE-2025-47342 Use After Free in BT Controller
Transient DOS may occur when multi-profile concurrency arises with QHS enabled...
CVE-2025-47342
CVE-2025-47342 concerns Qualcomm chipsets where a transient denial-of-service can occur due to concurrency involving QHS and multi-profile configurations. The Red Hat/NVD/CVE records describe the issue as a transient DOS when multiple profiles are used concurrently with QHS enabled; the CVE List ...
CVE-2025-47342 Use After Free in BT Controller
Transient DOS may occur when multi-profile concurrency arises with QHS enabled...
EUVD-2017-9305
Malware in sbrugna...
EUVD-2021-21737
Malware in sbrugna...
EUVD-2017-9306
Malware in sbrugna...
EUVD-2021-21773
Malware in sbrugna...
EUVD-2021-19253
Malware in sbrugna...
EUVD-2023-12458
Malicious code in bioql PyPI...
EUVD-2023-33744
Malicious code in bioql PyPI...
EUVD-2023-32257
Malicious code in bioql PyPI...
CVE-2025-47318
CVE-2025-47318 is a transient denial-of-service vulnerability in Qualcomm chipsets caused by parsing the EPTM test control message to retrieve the test pattern. The issue affects the EPTM parsing path and is described as a DoS with no confidentiality/integrity loss and high availability impact. P...