4 matches found
CVE-2026-53073
CVE-2026-53073 concerns the Linux kernel Bluetooth HCI LDISC: when hci_register_dev() fails in hci_uart_register_dev(), HCI_UART_PROTO_INIT wasn’t cleared before closing and NULLing the HCI device, allowing incoming UART data to reach the protocol recv path after resources are freed. The fix adds...
MiracleLinux 8 : kernel-4.18.0-240.el8 (AXSA:2021-1489:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1489:04 advisory. kernel: use after free in the video driver leads to local privilege escalation CVE-2019-9458 kernel: use-after-free in drivers/bluetooth/hcildisc.c...
CVE-2022-50374 Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...
UBUNTU-CVE-2023-31083
An issue was discovered in drivers/bluetooth/hcildisc.c in the Linux kernel 6.2. In hciuartttyioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCIUARTPROTOSET is set before hu-proto is set. A NULL pointer dereference may occur...