kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

EUVD-2012-6392

Malware in sbrugna...

ROS-20250128-07

A vulnerability in the HID Profile Human Interface Device interface of the Bluetooth protocol stack for the Linux BlueZ operating system is related to an access control flaw. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary commands...

Rocky Linux 8 : bluez (RLSA-2022:2081)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2081 advisory. - BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hun...

SUSE SLED12 / SLES12 Security Update : bluez (SUSE-SU-2023:3689-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3689-1 advisory. - BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which...

Oracle Linux 5 : ELSA-2013-1034-1: / kernel (ELSA-2013-10341)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-10341 advisory. - Heap-based buffer overflow in the tg3readvpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically...

SUSE SLES15 Security Update : bluez (SUSE-SU-2023:3240-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:3240-1 advisory. - BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will...

AlmaLinux 8 : bluez (ALSA-2022:2081)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2081 advisory. - BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung ...

CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

Google, Intel Warn on 'Zero-Click' Kernel Bug in Linux-Based IoT Devices

Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things IoT devices. Click to Register! According to Google, the vulnerability affects users of Linux kernel...

Google Android Kernel Bluez Elevation of Privilege Vulnerability

Android on Google Pixel and Nexus is an open source Linux-based operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handset Alliance OHA.Kernel Bluez is one of the Bluetooth protocol stacks. Kernel Bluez is one of the Bluetooth protocol stacks. An elevatio...

Affix Bluetooth Protocol Stack 3.1/3.2 Signed Buffer Index Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may b...

UBUNTU-CVE-2012-6544

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...

Windows Bluetooth栈bthport.sys驱动程序远程代码执行漏洞(MS11-053)

BUGTRAQ ID: 48617 CVE ID: CVE-2011-1265 Microsoft Windows Bluetooth stack是蓝牙协议栈的实现。 Microsoft Windows Bluetooth stack在实现上存在远程代码执行漏洞，远程攻击者可通过发送特制的蓝牙报文到受影响系统利用此漏洞导致远程代码执行。此漏洞仅影响带有蓝牙功能的系统。 漏洞源于访问未能正确初始化或处理已经被删除内存对象的方式存在的问题。 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Windows 7...

[Full-disclosure] DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow'

DMA2005-0712a - 'Nokia Affix Bluetooth btftp client buffer overflow' Author: Kevin Finisterre Vendor: http://www-nrc.nokia.com/affix/, http://affix.sourceforge.net Product: 'affix' References: http://www.digitalmunition.com/DMA2005-0712a.txt Description: Affix is a Bluetooth Protocol Stack for...

Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (1)

// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker...

Affix Bluetooth Protocol Stack 3.13.2 - Signed Buffer Index (2)

Affix Bluetooth Protocol Stack 3.13.2 - Signed Buffer Index 2 // source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer si...

Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (2)

// source: https://www.securityfocus.com/bid/13347/info A local signed buffer index vulnerability affects Affix Bluetooth Protocol Stack. This issue is due to a failure of the affected utility to properly handle user-supplied buffer size parameters. This issue may be leveraged by a local attacker...