57 matches found
kernel: race condition for removal of the HCI controller
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to...
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service on the system. The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet stil...
USN-5015-1 linux-oem-5.10 vulnerabilities
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Michael Brown discovered that the Xen...
Important: kernel-livepatch-4.14.231-173.360
Issue Overview: A use-after-free flaw was found in hci_send_acl in the Bluetooth host controller interface (HCI) in the Linux kernel, where a local attacker with access rights could cause a denial of service on the system. The issue results from the object hchan, freed in...
CVE-2020-10066
Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1.14.2, >= v2.2.0 contain NULL Pointer Dereference (CWE-476). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gc66-xfrc-24qr...
Zephyr buffer error vulnerability
Zephyr is an open source, small, scalable real-time operating system. A security vulnerability exists in Zephyr versions >= v1.14.2 and >= v2.2.0, which stems from a lack of size checking in Bluetooth HCI on SPI. No details of the vulnerability are available at this time...
Zephyr code issue vulnerability
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. Zephyr suffers from a security vulnerability that stems from error handling in the Bluetooth HCI kernel. No detailed vulnerability details are provided at this time...
CVE-2019-20546
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019)...
DEBIAN-CVE-2019-11884
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character...
CVE-2018-9544
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Apple MAC OS X Bluetooth HCI Interface Memory Corruption Vulnerability
Apple Mac OS X is a commercial operating system. A memory corruption vulnerability exists in Apple Mac OS X's handling of the Bluetooth HCI interface, which could allow an attacker to run a malicious application to execute arbitrary code...
Motorola Bluetooth Interface Dialog Spoofing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17190/info Motorola mobile handsets are prone to a dialog-spoofing vulnerability when accepting Bluetooth communications. An attacker could exploit this issue to trick a user into granting them AT access to the device. Th...
CVE-2006-6860
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information...
CVE-2006-6860
The CVE-2006-6860 entry describes a buffer overflow in MythControl 1.0 (and earlier) in the sendToMythTV function within MythControlServer.c. A crafted sendStr string sent to the Bluetooth interface can allow remote code execution. The vulnerability affects MythControl’s Bluetooth handling (sendT...