123 matches found
PT-2026-44261
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt. hci_le_create_big_complete_evt() iterates over BT_BOUND connections for a BIG handle using a while loop, accessing ev->bis_handle[i++] on each...
CVE-2026-43322
A flaw was found in the Bluetooth Host Controller Interface (HCI) synchronization module (hci_sync) of the Linux kernel. A use-after-free (UAF) vulnerability exists in the le_read_features_complete function, where a freed hci_conn object is accessed. This can allow an attacker to cause a system crash, leadi...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link. hci_connect_sco currently returns NULL when there is no link, i.e. when hci_conn_link returns NULL. sco_connect expects an ERR_PTR in case of any error (see line 266...
CVE-2026-31772
A flaw was found in the Linux kernel's Bluetooth Host Controller Interface (HCI) synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream (BIS) entries. This memory corruption can lead t...
PT-2026-36435
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A Use-After-Free (UAF) issue exists in the Bluetooth component. In the hci_le_remote_conn_param_req_evt function, the hci_conn lookup and field access are not properly protected by the hde...
PT-2026-36407
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync. hci_le_big_create_sync() uses DEFINE_FLEX to allocate a struct hci_cp_le_big_create_sync on the stack with room for 0x11 (17) BIS entries. However, conn->num_bis...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow in the Bluetooth HCI synchronization command, which could lead to memory corruption...
CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer
NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...
CVE-2022-33280
Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992252)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992252 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure. syzbot is reporting NULL pointer...
Espressif IoT Development Framework buffer error vulnerability
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in the Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which originates in the Bluetooth host stack in th...
CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the...
PT-2025-51708
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci_core component. The issue relates to improper locking mechanisms when handling Bluetooth...
CVE-2025-12035
An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine, a critical path for processing inbound BR/EDR L2CAP traffic...
EUVD-2025-203444
An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine, a critical path for processing inbound BR/EDR L2CAP traffic...
PT-2025-51278
Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified). Description: An integer overflow condition exists in the Bluetooth Host stack, specifically within the bt_br_acl_recv routine. This routine is a critical path for processing inbound BR/EDR L2CAP traffic...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990130)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990130 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev(). syzbot is reporting that calling...
EUVD-2022-30306
Malicious code in bioql PyPI...
EUVD-2022-36311
Malicious code in bioql PyPI...