kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...

Siemens SIMATIC and SIPLUS products Uncontrolled Resource Consumption (CVE-2025-40944)

Affected devices do not properly handle S7 protocol session disconnect requests. When receiving a valid S7 protocol Disconnect Request COTP DR TPDU on TCP port 102, the devices enter an improper session state. This could allow an attacker to cause the device to become unresponsive, leading to a...

CVE-2025-40944

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN 6ES7157-1AB00-0AB0 All versions, SIMATIC ET 200MP IM 155-5 PN HF 6ES7155-5AA00-0AC0 All versions = V4.2.0, SIMATIC ET 200SP IM 155-6 MF HF 6ES7155-6MU00-0CN0 All versions, SIMATIC ET 200SP IM 155-6 PN HA incl. SIPLUS variants All...

CVE-2025-40944

A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN 6ES7157-1AB00-0AB0 All versions, SIMATIC ET 200MP IM 155-5 PN HF 6ES7155-5AA00-0AC0 All versions = V4.2.0, SIMATIC ET 200SP IM 155-6 MF HF 6ES7155-6MU00-0CN0 All versions, SIMATIC ET 200SP IM 155-6 PN HA incl. SIPLUS variants All...

CVE-2025-40944

CVE-2025-40944 affects Siemens SIMATIC devices (ET 200AL/200SP/200MP families, SIPLUS variants, PN/PN couplers, etc.). The issue arises from improper handling of S7 protocol Disconnect Requests (COTP DR TPDU) on TCP port 102, causing devices to enter an improper session state and potentially beco...

Siemens SIMATIC and SIPLUS products

SUMMARY Siemens ET 200SP contains a denial-of-service vulnerability that could be triggered by sending a valid S7 protocol Disconnect Request COTP DR TPDU, causing the device to become unresponsive and require a power cycle to recover. Siemens has released new versions for several affected...

SUSE CVE-2023-53827

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...

EUVD-2023-60169

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...

CVE-2023-53827

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...

CVE-2023-53827

In the Linux kernel, CVE-2023-53827 affects Bluetooth L2CAP handling. The fix prevents use-after-free in l2cap_disconnect_{req,rsp} by using l2cap_chan_hold_unless_zero to avoid referencing a channel that is about to be destroyed. This addresses a vulnerability in the Bluetooth L2CAP code path; n...

Cisco Wireless LAN Controller RADIUS Implementation Vulnerability

Cisco Wireless LAN Controller is a wireless LAN controller product. The RADIUS implementation in Cisco Wireless LAN Controller fails to perform sufficient input validation on RADIUS Disconnect-Request packets, allowing remote attackers to exploit a vulnerability by submitting a special request to...

Design/Logic Flaw

The RADIUS functionality on Cisco Wireless LAN Controller WLC devices with software 7.0250.0 and 7.0252.0 allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request UDP packets, aka Bug ID CSCuw29419...