Lucene search
+L

6 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.18 views

kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()

A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...

7.8CVSS5.8AI score0.00097EPSS
Exploits0References5
CNVD
CNVD
added 2026/05/11 12:0 a.m.11 views

Linux kernel sco_sock_connect function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a confusion in the instruction responsible for freeing memory in the scosockconnect...

7.8CVSS6.1AI score0.00097EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/01 5:4 p.m.5 views

CVE-2026-43023

A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...

7.8CVSS5.8AI score0.00097EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/06 12:0 a.m.4 views

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

8.8CVSS5.7AI score0.003EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/12/19 12:58 a.m.3 views

kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout

A use-after-free vulnerability was found in the Linux kernel's Bluetooth SCO. When scosocktimeout is called, conn-sk may be unlinked/freed while waiting for scoconnlock. This checks if the conn-sk is still valid by checking if it is part of scosklist, leading to a loss of availability and system...

7.8CVSS7.1AI score0.0023EPSS
Exploits0References5
Rows per page
Query Builder