57 matches found
DEBIAN-CVE-2024-56605
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create(). bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer...
USN-7179-1 linux, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle-5.15 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the...
The vulnerability in the iso_sock_timeout() function of the Linux operating system’s Bluetooth kernel implementation allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the iso_sock_timeout() function in the net/bluetooth/iso.c module of the Linux operating system’s Bluetooth kernel implementation is related to the use of previously freed memory (use-after-free). Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability in the sco_sock_timeout() function of the Linux operating system’s Bluetooth kernel implementation allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the sco_sock_timeout() function in the net/bluetooth/sco.c module of the Linux operating system’s Bluetooth kernel implementation is related to the use of previously freed memory (use-after-free). Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
kernel: Bluetooth: hci_core: Fix possible buffer overflow
A buffer overflow flaw was found in struct hci_dev_info in the variable name[8] in the Linux kernel. If an attacker crafts an exploit copying more than the size of name[8], it results in a buffer overflow and a denial of service...
The vulnerability in the l2cap_le_flowctl_init() function of the Linux kernel’s Bluetooth protocol implementation allows an attacker to cause a denial of service.
The vulnerability in the l2cap_le_flowctl_init() function in the net/bluetooth/l2cap_core.c module of the Linux operating system’s Bluetooth kernel implementation is related to the lack of input data validation. Exploiting this vulnerability could allow a remote attacker to cause service failures...
The vulnerability in the l2cap_connect() function of the Linux operating system’s Bluetooth kernel implementation allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the l2cap_connect() function in the net/bluetooth/l2cap_core.c module of the Linux operating system’s Bluetooth kernel implementation is related to the use of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an...
kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
kernel: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works
In the Linux kernel’s Bluetooth subsystem there is a flaw in the way Bluetooth HCI work items are queued. Under certain conditions, work associated with command timeouts (hdev->{cmd,ncmd}_timer) could be scheduled on the wrong workqueue while the intended workqueue is being drained. This occurs because...
SUSE CVE-2013-3224
The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
USN-4592-1 linux-oem-osp1, linux-raspi2-5.3 vulnerabilities
Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351) Andy Nguyen discovered that the...
kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
The Bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in...
kernel: bnep device field missing NULL terminator
The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...
Mandrake Linux Security Advisory : kernel (MDKSA-2005:110)
Multiple vulnerabilities in the Linux kernel have been discovered and fixed in this update. The following CVE names have been fixed in the LE2005 kernel: Colin Percival discovered a vulnerability in Intel's Hyper-Threading technology that could allow a local user to use a malicious thread to create...