70 matches found
CVE-2026-53072
A flaw was found in the Linux kernel's Bluetooth subsystem. Improper handling of locking within the hciconnrequestevt function, particularly when the HCIPROTODEFER protocol is active, can result in a Use-After-Free UAF vulnerability. This condition arises when a connection object is accessed afte...
CVE-2026-53276
CVE-2026-53276 – Linux kernel Bluetooth ISO use-after-free : The issue occurs in iso_sock_rebind_bc() where a cached bis pointer (iso_pi(sk)->conn->hcon) is used after releasing the socket lock, allowing a concurrent close() to free the hci_conn structure. During the unlocked window, hci_de...
CVE-2026-53276
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hciconn pointer In isosockrebindbc, the bis pointer is cached, then the socket lock is dropped: bis = isopisk-conn-hcon; / Release the socket before lookups since that requires hcidevlo...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Use RCU for hciconnparams and iterate safely in hcisync. hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events within the loop body, without holding the hdev...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
SUSE CVE-2026-46111
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...
PT-2026-44234
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A use-after-free issue exists in the Bluetooth component. The create big complete function unconditionally dereferences the...
CVE-2026-46056
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: fixed a potential UAF issue in setcigparamssync. The lookup of hciconn and field access must be covered by the hdev lock in setcigparamssync. Otherwise, it’s possible that hciconn may be freed concurrently...
CVE-2026-43322
A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...
Linux kernel set_cig_params_sync function memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the setcigparamssync function in Bluetooth hciconn not locking hciconn, which can b...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the lereadfeaturescomplete function in Bluetooth HCI sync. This function allows for...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a division by zero issue in l2capleflowctlinit. l2capleflowctlinit may cause both a division by zero and an integer overflow, as hdev-lemtu may not fall within the valid range. The MTU value was moved...
Linux Distros Unpatched Vulnerability : CVE-2026-43019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciconn: fix potential UAF in setcigparamssync hciconn lookup and field access must be covered by hdev lock in setcigparamssync, otherwise it's...
CVE-2026-43019
A flaw was found in the Linux kernel's Bluetooth component. Improper synchronization in the setcigparamssync function can lead to a use-after-free UAF vulnerability. This issue arises when hciconn objects are accessed without proper locking, allowing them to be freed concurrently. An attacker cou...
CVE-2026-43019
The CVE-2026-43019 issue affects the Linux kernel Bluetooth HCI path, where hci_conn lookups and field access in set_cig_params_sync were not properly protected by the hdev lock, allowing a use-after-free when an hci_conn could be freed concurrently. The documented fix is to take the hdev lock to...