Lucene search
+L

356 matches found

CVE
CVE
added 2026/04/22 1:54 p.m.22 views

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/22 1:54 p.m.2 views

CVE-2026-31513 Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

8.1CVSS6.8AI score0.00252EPSS
Exploits0References7
CVE
CVE
added 2026/04/22 1:54 p.m.25 views

CVE-2026-31510

CVE-2026-31510: Linux kernel Bluetooth L2CAP vulnerability due to a null pointer dereference in l2cap_sock_ready_cb. The issue arises because sk is used without verifying it’s non-null, leading to a kernel panic/DoS. Multiple OS advisories (Debian roots, Ubuntu, Red Hat, SUSE, etc.) report the pa...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/22 1:54 p.m.19 views

CVE-2026-31498

Linux kernel CVE-2026-31498 affects Bluetooth L2CAP by exposing memory leaks during reconfiguration (ERTM data structures) and a zero-valued max_pdu_size path that can lead to an infinite loop in l2cap_segment_sdu. Root cause: reconfiguration previously re-initialized ERTM state and NULL’d sdu wi...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-31510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range...

5.5CVSS6.1AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP...

5.5CVSS6.6AI score0.00123EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the...

5.5CVSS6.2AI score0.00094EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34415

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference exists in the Bluetooth L2CAP component. The issue occurs within the l2cap sock ready cb function when the sk pointer is used without verifying if it is null...

7.8CVSS5.4AI score0.00378EPSS
Exploits0References122
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013653 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to...

5.8AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013193 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623...

5.6AI score0.00225EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013245)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013245 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to...

5.8AI score0.00177EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007343 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate btsockalloc...

7.8CVSS6.3AI score0.00236EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.6 views

SUSE CVE-2026-23461

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However, l2capregisteruser a...

7.5CVSS5.8AI score0.00247EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/04/03 6:43 p.m.3 views

CVE-2026-23461

A flaw was found in the Linux kernel's Bluetooth L2CAP component. A race condition exists due to inconsistent locking mechanisms when registering and unregistering L2CAP users. This allows concurrent access to shared data structures, leading to use-after-free vulnerabilities and list corruption...

8.8CVSS5.9AI score0.00247EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.4 views

CVE-2026-31393

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAPINFORSP payload length before access l2capinformationrsp checks that cmdlen covers the fixed l2capinforsp header type + result, 4 bytes but then reads rsp-data without verifying that the payload is...

8.1CVSS0.00255EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.5 views

CVE-2026-23461

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However, l2capregisteruser a...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.5 views

CVE-2026-23461

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However, l2capregisteruser a...

5.7AI score0.00247EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.27 views

CVE-2026-23461 Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capunregisteruser After commit ab4eedb790ca "Bluetooth: L2CAP: Fix corrupted list in hcichandel", l2capconndel uses conn-lock to protect access to conn-users. However, l2capregisteruser a...

8.8CVSS0.00247EPSS
Exploits0References5
CVE
CVE
added 2026/04/03 3:15 p.m.29 views

CVE-2026-23461

CVE-2026-23461: In the Linux kernel Bluetooth L2CAP, l2cap_register_user() and l2cap_unregister_user() did not consistently acquire conn->lock, creating a race with l2cap_conn_del() that can access conn->users and conn->hchan concurrently. This caused use-after-free and list corruption. ...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.8 views

PT-2026-30155

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth L2CAP implementation, specifically within the l2cap unregister user function. A race condition occurs because l2cap register user and l2cap...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References487
Rows per page
Query Builder