EUVD-2025-12858

Malicious code in bioql PyPI...

CVE-2022-49474 Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling scoconn and use-after-free in scosocktimeout Connecting the same socket twice consecutively in scosockconnect could lead to a race condition where two scoconn objects are created but only one is associated...

CVE-2024-57894

...

CVE-2024-54460

Technical details for CVE-2024-54460 are not present in the provided documents. No affected products, versions, or remediation are disclosed here. Monitor vendor advisories for updates.

CVE-2024-54191

CVE-2024-54191 affects the Linux kernel Bluetooth stack (ISO). The issue arises from a circular lock between the socket lock and hdev lock in the ISO path. The fix reworks iso_sock_recvmsg and related code so that the socket lock is released before acquiring hdev, breaking the circular dependency...

CVE-2024-53237 Bluetooth: fix use-after-free in device_for_each_child()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in deviceforeachchild Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in deviceforeachchild+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/498...

CVE-2024-46749 Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuartflush This adds a check before freeing the rx-skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before...

CVE-2024-36013 Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

CVE-2023-52833 Bluetooth: btusb: Add date->evt_skb is NULL check

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date-evtskb is NULL check fix crash because of null pointers 6104.969662 BUG: kernel NULL pointer dereference, address: 00000000000000c8 6104.969667 PF: supervisor read access in kernel mode 6104.969668 PF:...

CVE-2024-26890

The CVE-2024-26890 vulnerability is in the Linux kernel Bluetooth stack (btrtl driver). When the btrtl driver is used with hci_h5, private HCI data memory was not allocated after hci_dev, causing a potential out-of-bounds write detected by KASAN. The fix adds memory allocation for the hci_h5 path...