PT-2026-44261

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci event: Fix OOB read and infinite loop in hci le create big complete evt hci le create big complete evt iterates over BT BOUND connections for a BIG handle using a while loop, accessing ev-bis handlei++ on each...

CVE-2026-43322

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link i.e. when hciconnlink returns NULL. scoconnect expects an ERRPTR in case of any error see line 266...

CVE-2026-31772

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

PT-2026-36435

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the Bluetooth component. In the hci le remote conn param req evt function, the hci conn lookup and field access are not properly protected by the hde...

PT-2026-36407

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix stack buffer overflow in hci le big create sync hci le big create sync uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with room for 0x11 17 BIS entries. However, conn-num bis...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack buffer overflow in the Bluetooth HCI synchronization command, which could lead to memory corruption...

PT-2025-51708

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci core component. The issue relates to improper locking mechanisms when handling Bluetooth...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990130)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990130 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: cancel all works upon hciunregisterdev syzbot is reporting that calling...

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

ALSA-2025:13961 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with...

DEBIAN-CVE-2022-50166

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...

PT-2025-28878

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability exists in the vhci flush function within the Bluetooth HCI core of the Linux kernel. The vulnerability occurs when a thread closes a vhci file descriptor...

UBUNTU-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

SUSE CVE-2024-42132

In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCICONNHANDLEMAX Syzbot hit warning in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passe...

AZL-68108 CVE-2024-38620 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

UBUNTU-CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

USN-6520-1 linux-starfive-6.2 vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. CVE-2023-25775 Yu Hao and...

USN-6465-3 linux-gke vulnerabilities

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...

USN-6465-2 linux-raspi vulnerabilities

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...