CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

CVE-2024-45434

CVE-2024-45434 affects OpenSynergy BlueSDK (Bluetooth stack) up through 6.x. The flaw is a use-after-free caused by not validating object existence before operations, enabling remote code execution under the Bluetooth process user. Multiple sources corroborate the vulnerability in BlueSDK, with i...

Linux Distros Unpatched Vulnerability : CVE-2021-34145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMPmaxslot wit...

Linux Distros Unpatched Vulnerability : CVE-2021-34148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMPmaxslot wit...

CVE-2025-38593

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

PT-2025-33790 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.14.0-syzkaller-10892-g4e82c87058f4 Description: A flaw exists in the Bluetooth stack within the Linux kernel related to the handling of device coredumps. Specifically, the hci devcd dump function can experience an...

Linux Distros Unpatched Vulnerability : CVE-2020-25662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory...

Linux Distros Unpatched Vulnerability : CVE-2025-38250

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file...

The vulnerability of the OpenSynergy BlueSDK Bluetooth protocol stack, which allows a hacker to disclose protected information

The vulnerability of the OpenSynergy BlueSDK Bluetooth protocol stack is related to incorrect processing of the network packet header. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this security mechanism...

Vulnerability of the Bluetooth Stack software, related to improper handling of insufficient permissions or privileges, allowing an intruder to disclose protected information

The vulnerability of the Bluetooth Stack software is related to the improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow a remote attacker to disclose protected information...

PT-2025-29083

Name of the Vulnerable Software and Affected Versions: OpenSynergy BlueSDK versions through 6.x Description: The OpenSynergy BlueSDK Bluetooth stack contains an incorrect control flow scoping issue. The flaw is due to improper handling of exceptional conditions and a lack of proper return control...

Ubuntu: Security Advisory (USN-7607-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7607-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7607-1 advisory. It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to...

USN-7607-2: Linux kernel (FIPS) vulnerabilities

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3640 Several security issues were discovered in the Linux kernel. An...

USN-7607-1: Linux kernel vulnerabilities

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3640 Several security issues were discovered in the Linux kernel. An...

CVE-2023-28909

A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU...

CVE-2023-28908

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel. The vulnerability was originally discovered in...

CVE-2023-28910

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number...

CVE-2023-28911

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every...

CVE-2023-28910

A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number...