Lucene search
+L

130 matches found

BDU FSTEC
BDU FSTEC
added 2025/06/17 12:0 a.m.6 views

The vulnerability of the hci_init_stage_sync() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the hciinitstagesync function in the Linux operating system is related to read misses beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.6AI score0.00168EPSS
Exploits0References7Affected Software3
Vulnrichment
Vulnrichment
added 2025/06/03 5:53 a.m.11 views

CVE-2025-27031 Use After Free in Bluetooth HOST

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed...

7.8CVSS8AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/03 5:53 a.m.22 views

CVE-2025-27031 Use After Free in Bluetooth HOST

memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed...

7.8CVSS0.00083EPSS
Exploits0References1
CVE
CVE
added 2025/06/03 5:53 a.m.59 views

CVE-2025-27031

CVE-2025-27031 affects Qualcomm chipsets. The vulnerability is a memory corruption in the kernel/driver path when handling IOCTLs: a buffer used in write loopback mode can be accessed after it has been freed, leading to potential arbitrary code execution or a crash. Affected component is describe...

7.8CVSS8AI score0.00083EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:45 a.m.8 views

CVE-2023-21667

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard...

6.5CVSS6.9AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2025/05/02 4:15 p.m.10 views

UBUNTU-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

7.1CVSS6.2AI score0.00168EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/06 2:6 a.m.11 views

CVE-2022-25651

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

10CVSS7.6AI score0.00802EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:23 p.m.11 views

CVE-2022-33290

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed...

7.5CVSS6.8AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:13 p.m.11 views

CVE-2022-33268

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

8.2CVSS7.2AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:11 p.m.13 views

CVE-2022-33255

Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device...

8.2CVSS6.9AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:5 p.m.12 views

CVE-2022-22096

Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile...

9.8CVSS7.8AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:0 p.m.8 views

CVE-2022-22088

Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote...

9.8CVSS7.5AI score0.00506EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:50 p.m.15 views

CVE-2022-40537

Memory corruption in Bluetooth HOST while processing the AVRCPDUGETPLAYERAPPVALUETEXT AVRCP response...

9.8CVSS7.1AI score0.00364EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:47 p.m.10 views

CVE-2022-40503

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming...

8.2CVSS6.9AI score0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.5 views

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.6 and earlier, which stems from an incorrect discard routine causing a heap overflow in bthcileadvextreport in /subsys/bluetooth/host/scan.c. The vulnerability is...

7.6CVSS7AI score0.00608EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/08/06 1:59 a.m.3 views

SUSE CVE-2024-42132

In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCICONNHANDLEMAX Syzbot hit warning in hciconndel caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCICONNHANDLEMAX passe...

5.5CVSS7.8AI score0.00226EPSS
Exploits0References10
OSV
OSV
added 2024/06/20 8:15 a.m.15 views

AZL-68108 CVE-2024-38620 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

5.5CVSS6.6AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2024/06/20 8:15 a.m.12 views

UBUNTU-CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References12
OSV
OSV
added 2024/04/09 1:53 p.m.14 views

USN-6701-4 linux-azure vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service bluetooth communication. CVE-2023-2002 It was discovered that the NVIDIA Tegra...

7.8CVSS7.2AI score0.28058EPSS
Exploits18References13
Cvelist
Cvelist
added 2024/03/04 10:48 a.m.27 views

CVE-2023-43540 Buffer Copy Without Checking Size of Input in Bluetooth HOST

Memory corruption while processing the IOCTL FM HCI WRITE request...

8.4CVSS8.8AI score0.00111EPSS
Exploits0References1
Rows per page
Query Builder