130 matches found
The vulnerability of the hci_init_stage_sync() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the hciinitstagesync function in the Linux operating system is related to read misses beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-27031 Use After Free in Bluetooth HOST
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed...
CVE-2025-27031 Use After Free in Bluetooth HOST
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed...
CVE-2025-27031
CVE-2025-27031 affects Qualcomm chipsets. The vulnerability is a memory corruption in the kernel/driver path when handling IOCTLs: a buffer used in write loopback mode can be accessed after it has been freed, leading to potential arbitrary code execution or a crash. Affected component is describe...
CVE-2023-21667
Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard...
UBUNTU-CVE-2023-53057
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...
CVE-2022-25651
Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...
CVE-2022-33290
Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed...
CVE-2022-33268
Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2022-33255
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device...
CVE-2022-22096
Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile...
CVE-2022-22088
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote...
CVE-2022-40537
Memory corruption in Bluetooth HOST while processing the AVRCPDUGETPLAYERAPPVALUETEXT AVRCP response...
CVE-2022-40503
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming...
Zephyr 安全漏洞
Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.6 and earlier, which stems from an incorrect discard routine causing a heap overflow in bthcileadvextreport in /subsys/bluetooth/host/scan.c. The vulnerability is...
SUSE CVE-2024-42132
In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCICONNHANDLEMAX Syzbot hit warning in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passe...
AZL-68108 CVE-2024-38620 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...
UBUNTU-CVE-2024-38620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...
USN-6701-4 linux-azure vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 It was discovered that the NVIDIA Tegra...
CVE-2023-43540 Buffer Copy Without Checking Size of Input in Bluetooth HOST
Memory corruption while processing the IOCTL FM HCI WRITE request...