129 matches found
CVE-2026-53073
A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART driver. When the hciregisterdev function fails, a flag indicating protocol initialization is not properly cleared. This oversight allows incoming UART data to be process...
CVE-2026-53252
The CVE-2026-53252 affects the Linux kernel Bluetooth HCI path. Root cause: memory leak of SRCU percpu memory when device init fails before hci_register_dev(), due to not cleaning up the SRCU struct on the unregistered fallback path. Fix: call cleanup_srcu_struct() in bt_host_release() fallback b...
PT-2026-51967
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where HCI UART PROTO INIT is not cleared when hci register dev fails within the hci uart register dev function. This failure allows incoming UA...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from reuse and race conditions in the path of Bluetooth hciuart’s shutdown and initialization processe...
PT-2026-44261
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read and infinite loop exist in the hci le create big complete evt function. The function iterates over BT BOUND connections for a BIG handle using a while loop that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: now returns ERRPTR instead of NULL when there is no link. Currently, hciconnectsco returns NULL when there is no link i.e., when hciconnlink returns NULL. scoconnect expects ERRPTR in case of any error see...
CVE-2026-43322
A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...
CVE-2026-31772
A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...
PT-2026-36435
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow in the Bluetooth HCI synchronization command, which could lead to memory corruption...
PT-2026-36407
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack buffer overflow exists in the hci le big create sync function. The function uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with space for 17 BIS...
CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer
NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...
CVE-2022-33280
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992252)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992252 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer...
Espressif IoT Development Framework 缓冲区错误漏洞
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which originates in the Bluetooth host stack in th...
CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack BlueDroid, the function btadmsdpresult used a fixed-size array uuidlist32MAXUUIDSIZE to store discovered service UUIDs during the...
PT-2025-51708
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci core component. The issue relates to improper locking mechanisms when handling Bluetooth...
CVE-2025-12035
An integer overflow condition exists in Bluetooth Host stack, within the btbraclrecv routine a critical path for processing inbound BR/EDR L2CAP traffic...
EUVD-2025-203444
An integer overflow condition exists in Bluetooth Host stack, within the btbraclrecv routine a critical path for processing inbound BR/EDR L2CAP traffic...
CVE-2025-12035 Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP
An integer overflow condition exists in Bluetooth Host stack, within the btbraclrecv routine a critical path for processing inbound BR/EDR L2CAP traffic...