CVE-2026-45834

A flaw was found in the Linux kernel's Bluetooth L2CAP Logical Link Control and Adaptation Protocol implementation. A missing null pointer guard in the l2capsockstatechangecb function can lead to a null pointer dereference. This vulnerability could allow an attacker to cause a system crash,...

CVE-2026-23461

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However, l2capregisteruser a...

CVE-2025-5477

Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth devi...

CVE-2025-5477

Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth devi...

UBUNTU-CVE-2024-49950

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2capconnect Syzbot reported BUG: KASAN: slab-use-after-free in l2capconnect.constprop.0+0x10d8/0x1270 net/bluetooth/l2capcore.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CP...

PT-2022-35827 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to a user-after-free problem in the Bluetooth L2CAP protocol. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...