19 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock...
CVE-2026-53072 Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hciconnrequestevt with HCIPROTODEFER When protocol sets HCIPROTODEFER, hciconnrequestevt calls hciconnectcfmconn without hdev-lock. Generally hciconnectcfm assumes it is held, and if conn is deleted...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005561 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pairdevice hciconnparamsadd never checks for a NULL value...
kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCIEVNUMCOMPPKTS event, the function hciconntxdequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...
ALSA-2025:22854 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: Fix oops due to uninitialised variable CVE-2025-38737 kernel: can: j1939: implement NETDEVUNREGISTER notification handler CVE-2025-39925 kernel: Bluetooth: hcievent: Fix UAF in...
Linux Distros Unpatched Vulnerability : CVE-2025-39983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not...
CVE-2025-39983
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...
CVE-2025-39983 Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...
CVE-2025-39983 Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not properly locking hdev when processing HCIEVNUMCOMPPKTS: BUG: KASAN: slab-use-after-free in hciconntxdequeue+0x1be/0x220...
PT-2025-42258
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16-rc7 Description The Linux kernel contains a use-after-free flaw within the Bluetooth stack, specifically in the hci conn tx dequeue function. This issue arises from improper locking of the hdev structure whe...
DEBIAN-CVE-2023-53374
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fail SCO/ISO via hciconnfailed if ACL gone early Not calling hcidisconnectcfm before deleting conn referred to by a socket generally results to use-after-free. When cleaning up SCO connections when the parent...
CVE-2023-53252 Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use RCU for hciconnparams and iterate safely in hcisync hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events in the loop body, without holding hdev lock...
CVE-2023-53252
The CVE-2023-53252 entry applies to the Linux kernel Bluetooth stack. The vulnerability arises in hci_update_accept_list_sync where hci_conn_params/hci_sync lists are iterated while the lists can be modified (e.g., by le_scan_cleanup) without holding the device lock, risking an invalid list curso...
AZL-62630 CVE-2024-56591 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...
AZL-48197 CVE-2024-43884 affecting package kernel for versions less than 6.6.51.1-5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pairdevice hciconnparamsadd never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function...
Kernel: double free in hci_conn_cleanup of the bluetooth subsystem
A double-free vulnerability was found in the hciconncleanup in net/bluetooth/hciconn.c in the Linux Kernel. This issue may cause a denial of service or privilege escalation...
AZL-25956 CVE-2023-28464 affecting package kernel for versions less than 5.15.122.1-2
hciconncleanup in net/bluetooth/hciconn.c in the Linux kernel through 6.2.9 has a use-after-free observed in hciconnhashflush because of calls to hcidevput and hciconnput. There is a double free that may lead to privilege escalation...
UBUNTU-CVE-2023-28464
hciconncleanup in net/bluetooth/hciconn.c in the Linux kernel through 6.2.9 has a use-after-free observed in hciconnhashflush because of calls to hcidevput and hciconnput. There is a double free that may lead to privilege escalation...
PT-2023-2069 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 6.2.9 Description: The issue is related to a use-after-free vulnerability in the hci conn cleanup function in the net/bluetooth/hci conn.c module of the Linux kernel. This vulnerability is observed in the hci con...