Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: added a range check for connrspepid in htcconnectservice. I have identified the following bugs in my fuzzer: UBSAN: Array index out of bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 Index 255 is out of range...

CVE-2026-46135

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

UBUNTU-CVE-2026-46135

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

EUVD-2026-32762

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmettcphandleicreq updates queue-state after sending an Initialization Connection Response ICResp, but it does so without serializing against target-side queue...

SUSE CVE-2025-39889

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case: Security Mode 4 Level 4, Responder - Invalid Encryption Key Size - 128 bit This tests the security...

CVE-2025-10457

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...

Improper Handling of Length Parameter Inconsistency

Overview Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via improper validation of the leconnrsp process. An attacker can cause information disclosure, data manipulation, or denial of service by sending specially crafted Bluetooth connectio...

CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...

CVE-2025-10457 Bluetooth: Out-Of-Context le_conn_rsp Handling

The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching...

CVE-2025-10457

Zephyr Project’s CVE-2025-10457 affects the BLE stack, specifically the le_conn_rsp handling. The vulnerable component processes BLE connection responses without confirming that a connection attempt initiated by the device actually occurred, relying solely on identifier matching. This can enable ...

CVE-2023-53185 wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTCCTRLRSVDSVC and should not be...

kernel: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

...

CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for connrspepid in htcconnectservice I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 index 255 is out of range for type...

WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit

Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

Command injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

PT-2023-14901 · Changingtec · Servisign

Name of the Vulnerable Software and Affected Versions: ChangingTec ServiSign affected versions not specified Description: The issue is related to insufficient filtering for special characters in the connection response parameter. This allows an unauthenticated remote attacker to host a malicious...

Cisco IOS XE SD-WAN DoS (cisco-sa-sdwan-dosmulti-48jJuEUP)

According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by a denial of service DoS vulnerability in the UDP connection response due the presence of a null dereference in vDaemon. An unauthenticated, remote attacker can exploit this, by sending crafted traffic to an affect...