Lucene search
+L

27 matches found

RedHat Linux
RedHat Linux
added 2 days ago7 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.3AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago7 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.3AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/08 3:22 p.m.5 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.9AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 5:55 a.m.4 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 2:31 p.m.6 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 1:47 p.m.7 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:20 a.m.16 views

EUVD-2026-35353

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

7.6CVSS5.5AI score0.00452EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/28 8:47 a.m.13 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/20 1:3 p.m.11 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
CNVD
CNVD
added 2026/05/11 12:0 a.m.11 views

Linux kernel sco_sock_connect function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from a confusion in the instruction responsible for freeing memory in the scosockconnect...

7.8CVSS6.1AI score0.00097EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.10 views

SUSE CVE-2026-43023

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...

7CVSS5.8AI score0.00097EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.33 views

CVE-2026-43023 Bluetooth: SCO: fix race conditions in sco_sock_connect()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...

7.8CVSS0.00097EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/04/07 8:1 a.m.5 views

Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

...

8.8CVSS5.7AI score0.003EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/04/06 12:0 a.m.4 views

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

8.8CVSS5.7AI score0.003EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/12/08 12:46 a.m.7 views

CVE-2025-40309

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on scoconnfree BUG: KASAN: slab-use-after-free in scoconnfree net/bluetooth/sco.c:87 inline BUG: KASAN: slab-use-after-free in krefput include/linux/kref.h:65 inline BUG: KASAN: slab-use-after-free in...

5.4AI score0.0015EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-2483

Malware in sbrugna...

7.8CVSS6.4AI score0.03749EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-20790

Malware in sbrugna...

5.3CVSS5.2AI score0.01969EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2025/09/04 12:22 a.m.9 views

Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken

...

5.5CVSS7AI score0.00155EPSS
Exploits0
OSV
OSV
added 2025/07/03 9:15 a.m.10 views

DEBIAN-CVE-2025-38099

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READVOICESETTING is unsupported/broken A SCO connection without the proper voicesetting can cause the controller to lock up...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/20 12:0 a.m.5 views

PT-2025-41117

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the Bluetooth implementation where the disconnect callback is called after the connection has been deleted. Specifically, in the hci cs disconnect...

7.8CVSS7.5AI score0.0017EPSS
Exploits0
Rows per page
Query Builder