321 matches found
kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges...
USN-6007-1: Linux kernel (GCP) vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
PT-2023-17727 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible out of bounds write in the bta_av_rc_disc_done function of bta_av_act.cc due to a missing bounds check. This could lead to local escalation of...
Ubuntu: Security Advisory (USN-5925-1)
The remote host is missing an update for the...
USN-5925-1: Linux kernel vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5925-1 linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5919-1 linux-aws-hwe, linux-oracle vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5920-1 linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-oracle vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
CVE-2021-3329
Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack...
CVE-2021-3329
CVE-2021-3329 affects Zephyr RTOS Bluetooth stack: root cause is lack of proper validation in HCI Host stack initialization, specifically around ACL_MTU handling, which can crash the bluetooth stack. Some sources cite Zephyr v2.4.0 as vulnerable. Documented impact includes high availability risk ...
PT-2023-12203 · Unknown · Bluetooth Stack
Name of the Vulnerable Software and Affected Versions: Bluetooth stack affected versions not specified Description: The issue is related to a lack of proper validation in HCI Host stack initialization, which can cause a crash of the bluetooth stack. Recommendations: At the moment, there is no...
[SECURITY] Fedora 37 Update: bluedevil-5.27.1-1.fc37
BlueDevil is the bluetooth stack for KDE...
USN-5883-1: Linux kernel (HWE) vulnerabilities
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378) It was discovered that an out-of-bounds write vulnerability existed i...
SUSE CVE-2020-25662
A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the...
SUSE CVE-2022-39177
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c...
USN-5853-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-gkeop, linux-kvm, linux-oracle, linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly...
Amazon Linux 2 : kernel (ALAS-2022-1903)
The version of kernel installed on the remote host is prior to 4.14.301-224.520. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1903 advisory. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is...
CVE-2022-42896
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
BlueZ security vulnerability
BlueZ is a Bluetooth protocol stack written in C. It is primarily used to provide support for the core Bluetooth layers and protocols. A security vulnerability exists in BlueZ versions prior to 5.59, which stems from the fact that the profiles/audio/avdtp.c component can handle malformed and...
CVE-2022-20224
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...