6 matches found
PT-2026-36407
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack buffer overflow exists in the hci le big create sync function. The function uses DEFINE FLEX to allocate a struct hci cp le big create sync on the stack with space for 17 BIS...
SUSE CVE-2024-42132
In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCICONNHANDLEMAX Syzbot hit warning in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passe...
kernel: race condition for removal of the HCI controller
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...
CVE-2021-33034
A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...