Lucene search
K

57 matches found

RedHat Linux
RedHat Linux
added 2021/08/31 1:41 p.m.3 views

kernel: race condition for removal of the HCI controller

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

7CVSS6.7AI score0.00691EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/08/31 8:31 a.m.2 views

kernel: race condition for removal of the HCI controller

A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...

7CVSS6.7AI score0.00691EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/07/21 12:47 a.m.5 views

kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan

A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...

7.8CVSS6.7AI score0.00819EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2021/07/20 10:23 p.m.11 views

kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan

A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hcidisconnloglinkcompleteevt, yet stil...

7.8CVSS6.7AI score0.00819EPSS
Exploits1References7
OSV
OSV
added 2021/07/20 9:22 p.m.4 views

USN-5015-1 linux-oem-5.10 vulnerabilities

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-33909 Michael Brown discovered that the Xen...

7.8CVSS7.1AI score0.09729EPSS
Exploits8References6
Amazon
Amazon
added 2021/07/12 12:0 a.m.2 views

Important: kernel-livepatch-4.14.231-173.360

Issue Overview: A use-after-free flaw was found in hcisendacl in the bluetooth host controller interface HCI in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in...

7.8CVSS6.5AI score0.00819EPSS
Exploits1
OSV
OSV
added 2021/05/25 5:15 p.m.3 views

CVE-2020-10066

Incorrect Error Handling in Bluetooth HCI core. Zephyr versions = v1.14.2, = v2.2.0 contain NULL Pointer Dereference CWE-476. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr...

5.7CVSS5.5AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.4 views

Zephyr 缓冲区错误漏洞

Zephyr is an open source, small, scalable real-time operating system. A security vulnerability exists in Zephyr versions >= v1.14.2 and >= v2.2.0, which stems from a lack of size checking in Bluetooth HCI on SPI. No details of the vulnerability are available at this time...

8.8CVSS5.6AI score0.00486EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.5 views

Zephyr 代码问题漏洞

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. Zephyr suffers from a security vulnerability that stems from error handling in the Bluetooth HCI kernel. No detailed vulnerability details are provided at this time...

5.7CVSS5.6AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2020/03/24 7:15 p.m.1 views

CVE-2019-20546

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 Broadcom Wi-Fi chipsets software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 November 2019...

6.5CVSS6.6AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2019/05/10 10:29 p.m.1 views

DEBIAN-CVE-2019-11884

The dohidpsockioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...

3.3CVSS7.2AI score0.00495EPSS
Exploits0References1
OSV
OSV
added 2018/11/14 6:29 p.m.3 views

CVE-2018-9544

In registerapp of btifhd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

5.5CVSS5.9AI score0.00164EPSS
Exploits0References2
CNVD
CNVD
added 2015/07/02 12:0 a.m.1 views

Apple MAC OS X Bluetooth HCI Interface Memory Corruption Vulnerability

Apple Mac OS X is a commercial operating system. A memory corruption vulnerability exists in Apple Mac OS X's handling of the Bluetooth HCI interface, which could allow an attacker to run a malicious application to execute arbitrary code...

9.3CVSS7.3AI score0.02803EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Motorola Bluetooth Interface Dialog Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17190/info Motorola mobile handsets are prone to a dialog-spoofing vulnerability when accepting Bluetooth communications. An attacker could exploit this issue to trick a user into granting them AT access to the device. Th...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2007/01/04 10:0 p.m.16 views

CVE-2006-6860

Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information...

7.9AI score0.05359EPSS
Exploits0References6
CVE
CVE
added 2007/01/04 10:0 p.m.38 views

CVE-2006-6860

The CVE-2006-6860 entry describes a buffer overflow in MythControl 1.0 (and earlier) in the sendToMythTV function within MythControlServer.c. A crafted sendStr string sent to the Bluetooth interface can allow remote code execution. The vulnerability affects MythControl’s Bluetooth handling (sendT...

10CVSS8.2AI score0.05359EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/12/31 5:0 a.m.11 views

CVE-2006-6860

Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information...

10CVSS7.9AI score0.05359EPSS
Exploits0References6
Rows per page
Query Builder