Lucene search
+L

61 matches found

susecve
susecve
added 2026/07/01 3:19 a.m.5 views

SUSE CVE-2026-53072

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...

7.5CVSS5.8AI score0.00247EPSS
Exploits0References10
euvd
euvd
added 2026/06/25 8:39 a.m.8 views

EUVD-2026-39207

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

5.7AI score0.00266EPSS
Exploits0References8
cve
cve
added 2026/06/25 8:39 a.m.30 views

CVE-2026-53253

CVE-2026-53253 affects the Linux kernel Bluetooth BNEP stack. The vulnerability arises when a BNEP peer sends a short SDU and the kernel bnep_rx_frame() reads the packet type, then bnep_rx_control() dereferences the control opcode or setup UUID-size byte before ensuring those bytes are present. T...

7.1CVSS5.7AI score0.00274EPSS
Exploits0References7Affected Software1
redhat
redhat
added 2026/05/28 8:47 a.m.12 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
osv
osv
added 2026/05/01 2:15 p.m.2 views

CVE-2026-31772 Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...

7.8CVSS6AI score0.00142EPSS
Exploits0References7
redhat
redhat
added 2026/01/08 12:47 a.m.6 views

kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCIEVNUMCOMPPKTS event, the function hciconntxdequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...

5.8AI score0.00172EPSS
Exploits0References5
cvelist
cvelist
added 2025/12/16 3:6 p.m.35 views

CVE-2025-68305 Bluetooth: hci_sock: Prevent race in socket write iter and sock bind

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmtpending before write iter sends the cmd, just as...

0.00162EPSS
Exploits0References4
cve
cve
added 2025/12/16 3:6 p.m.15 views

CVE-2025-68304

The CVE-2025-68304 entries describe a Linux kernel Bluetooth subsystem use-after-free risk in hci_core: lookup of hci_conn on the RX path. The root cause is a hdev lock/lookup/unlock/use pattern in RX that can allow concurrent deletion of hci_conn* while protocol RX processing uses it, prior to/b...

6.3AI score0.0015EPSS
Exploits0References2
osv
osv
added 2025/12/09 1:29 a.m.4 views

CVE-2023-53828 Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports use-after-free in hciaddadvmonitor. While adding an adv monitor, hciaddadvmonitor calls - msftaddmonitorpattern calls - msftaddmonitorsync calls -...

6.5AI score0.00214EPSS
Exploits0References7
redhat
redhat
added 2025/11/11 8:21 a.m.1 views

kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()

A NULL pointer access may result in compromised availability...

5.5CVSS7.4AI score0.00205EPSS
Exploits0References5
susecve
susecve
added 2025/10/08 11:30 p.m.3 views

SUSE CVE-2023-53673

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: call disconnect callback before deleting conn In hcicsdisconnect, we do hciconndel even if disconnection failed. ISO, L2CAP and SCO connections refer to the hciconn without hciconnget, so disconncfm must be...

7CVSS6.4AI score0.0017EPSS
Exploits0References37
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-55026

Malicious code in bioql PyPI...

5.5CVSS6AI score0.00253EPSS
Exploits0References7
osv
osv
added 2025/09/17 3:15 p.m.1 views

DEBIAN-CVE-2022-50374

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...

5.5CVSS5.4AI score0.00191EPSS
Exploits0References1
osv
osv
added 2025/09/17 2:56 p.m.5 views

CVE-2022-50374 Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcildisc,serdev: check percpuinitrwsem failure syzbot is reporting NULL pointer dereference at hciuartttyclose 1, for rcusyncenter is called without rcusyncinit due to hciuartttyopen ignoring percpuinitrwsem failure...

5.5CVSS6.2AI score0.00191EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2025/09/16 4:11 p.m.2 views

CVE-2022-50339 Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hcidevtestandsetflag in mgmtinithdev syzbot is again reporting attempt to cancel uninitialized work at mgmtindexremoved 1, for setting of HCIMGMT flag from mgmtinithdev from hcimgmtcmd from hcisocksendmsg can rac...

5.8AI score0.00098EPSS
Exploits0References2
osv
osv
added 2025/09/15 3:15 p.m.5 views

UBUNTU-CVE-2023-53252

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hciconnparams and iterate safely in hcisync hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events in the loop body, without holding hdev lock...

7.8CVSS6.2AI score0.00137EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/09/15 2:46 p.m.2 views

CVE-2023-53252 Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hciconnparams and iterate safely in hcisync hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events in the loop body, without holding hdev lock...

6.1AI score0.00137EPSS
Exploits0References3
redhat
redhat
added 2025/09/04 1:18 a.m.6 views

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

7.8CVSS6.8AI score0.00142EPSS
Exploits0References5
osv
osv
added 2025/08/22 4:15 p.m.5 views

UBUNTU-CVE-2025-38641

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix potential NULL dereference on kmalloc failure Avoid potential NULL pointer dereference by checking the return value of kmalloc and handling allocation failure properly...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2025/08/11 12:0 a.m.10 views

The vulnerability of the vhciFlush() function in the include/linux/skbuff.h library of the Linux Bluetooth kernel component allows a attacker to execute arbitrary code, gain elevated privileges, or cause a service failure.

The vulnerability of the vhciFlush function in the include/linux/skbuff.h library of the Linux Bluetooth kernel component is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code, increase their privileges, or cause service...

7.8CVSS7AI score0.00142EPSS
Exploits0References11Affected Software5
Rows per page
Query Builder