20 matches found
SUSE CVE-2026-43062
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct...
EUVD-2026-27358
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct...
CVE-2026-43062 Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct...
CVE-2026-43062
CVE-2026-43062 concerns the Linux kernel Bluetooth L2CAP path, where l2cap_ecred_reconf_rsp() incorrectly casts incoming data to struct l2cap_ecred_conn_rsp instead of struct l2cap_ecred_reconf_rsp. This type confusion causes: (1) the length check to require 8 bytes instead of 2, rejecting valid ...
Linux Distros Unpatched Vulnerability : CVE-2026-43062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection respons...
PT-2026-37065
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp(). l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct l2cap...
SUSE CVE-2026-31513
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req. Syzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...
CVE-2026-31513 Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req. Syzbot reported a KASAN stack-out-of-bounds read in l2cap_build_cmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...
CVE-2026-31513
Summary: CVE-2026-31513 affects the Linux kernel Bluetooth L2CAP code. A stack-out-of-bounds read occurs in l2cap_ecred_conn_req when handling a malformed Enhanced Credit Based Connection Request with more SCIDs than allowed. The bug arises from computing rsp_len before validating the number of S...
SUSE CVE-2026-23395
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ. Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending (FLAG_DEFER_SETUP) which can cau...
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ. Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending (FLAG_DEFER_SETUP) which can cau...
PT-2026-27760
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the Bluetooth L2CAP implementation. The code incorrectly handles multiple L2CAP_ECRED_CONN_REQ requests, potentially leading to an overflow in the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989338)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989338 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks. Use memset to initialize structs to prevent memory leaks...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987142 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks. Use memset to initialize structs to prevent memory leaks...
DEBIAN-CVE-2022-49116
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks. Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect...
CVE-2022-49116 Bluetooth: use memset avoid memory leaks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks. Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect...
CVE-2023-5055
Possible variant of CVE-2021-3434 in function le_ecred_reconf_req...
kernel: Bluetooth: use memset avoid memory leaks
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks. Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect...
PT-2022-10337 · Zephyr · Zephyr
Name of the Vulnerable Software and Affected Versions: Zephyr versions >= v2.5.0 Description: A stack-based buffer overflow issue exists in the le_ecred_conn_req function. This issue is related to a stack-based buffer overflow, which can be exploited. Recommendations: For Zephyr versions >= v2.5.0,...
Zephyr Buffer Error Vulnerability
Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr version v2.5.0 and later, which stems from a stack-based buffer overflow in le_ecred_conn_req...