460 matches found
BlueZ Security Vulnerability
BlueZ is a Bluetooth protocol stack written in C. It is primarily used to provide support for the core Bluetooth layers and protocols. A security vulnerability exists in BlueZ that stems from an out-of-bounds write issue...
The vulnerability of the HID Profile interface of the BlueZ Bluetooth protocol stack for the Linux operating system allows a perpetrator to elevate their privileges and execute arbitrary commands.
The vulnerability of the HID Profile interface of the BlueZ Bluetooth protocol stack for the Linux operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands remotely...
ASB-A-275553827
In parsegapdata of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...
ASB-A-282234870
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
A vulnerability was found in the l2cap_conn_del function in net/bluetooth/l2cap_core.c in the Bluetooth component of the Linux kernel. This issue leads to a use-after-free problem...
PT-2023-5677
Name of the Vulnerable Software and Affected Versions: Android (affected versions not specified) Description: A flaw exists in the Android operating system's Bluetooth stack, specifically within the build read multi rsp function of gatt sr.cc. This issue is due to insufficient input validation, leadi...
The vulnerability of the `read_50_controller_cap_complete` function in the BlueZ component of the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the `read_50_controller_cap_complete` function in the BlueZ component of the Linux operating system’s kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Oracle Linux 7 : ELSA-2017-2679-1: / kernel (ELSA-2017-26791)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-2679-1 advisory. - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack...
kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel's implementation of the Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack, in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could...
kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
A use-after-free flaw was found in the Linux kernel’s L2CAP Bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP Bluetooth packets. This flaw allows a local or Bluetooth connection user to crash the system or potentially escalate privileges...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in btmacl.cc's btmaclprocessscacmplpkt, where an out-of-bounds read is possible due to incorrect bounds checking, which could lead to remote information disclosure...
USN-6007-1: Linux kernel (GCP) vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
PT-2023-17727 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to a possible out of bounds write in the bta av rc disc done function of bta av act.cc due to a missing bounds check. This could lead to local escalation of...
Ubuntu: Security Advisory (USN-5925-1)
The remote host is missing an update for the...
USN-5925-1 linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5925-1: Linux kernel vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5919-1 linux-aws-hwe, linux-oracle vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...
USN-5920-1 linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-oracle vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...