CVE-2026-53253

The CVE-2026-53253 entry concerns the Linux kernel Bluetooth BNEP path. A short BNEP SDU could be processed without validating required bytes in bnep_rx_frame and bnep_rx_control, leading to a potential access of unverified data (KASAN). The fix adds proper length validation by using skb_pull_dat...

EUVD-2026-39204

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005192)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005192 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001202)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001202 advisory. The bnepaddconnection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local use...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003207 advisory. The bnepaddconnection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local use...

CVE-2025-22406

In bnepuchecksendpacket of bneputils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22406

In bnepuchecksendpacket of bneputils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a memory misreference vulnerability that stems from a mix-up in the bneputils.cc instruction bnepuchecksendpacket responsible for freeing memory, which can be exploited by an attacker to elevate...

PT-2025-11069 · Google · Android

Name of the Vulnerable Software and Affected Versions: bnepu affected versions not specified Description: A use-after-free issue exists in the bnepu check send packet function within bnep utils.cc. This could lead to local escalation of privilege without requiring additional execution privileges ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: bnep: fixed wild-memory-access in protounregister The issues are as follows: KASAN: possible wild-memory-access within the range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

SUSE CVE-2024-50148

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

CVE-2024-50148

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

AZL-53271 CVE-2024-50148 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

DEBIAN-CVE-2024-50148

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

AZL-53316 CVE-2024-50148 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

UBUNTU-CVE-2024-50148

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

CVE-2024-50148 Bluetooth: bnep: fix wild-memory-access in proto_unregister

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in protounregister There's issue as follows: KASAN: maybe wild-memory-access in range 0xdead...108-0xdead...10f CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP:...

Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The specific flaw exists within the processing of...

SUSE CVE-2011-1079

The bnepsockioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...

SUSE CVE-2017-15868

The bnepaddconnection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application...