4 matches found
kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCIEVNUMCOMPPKTS event, the function hciconntxdequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...
Apache NimBLE out-of-bounds read vulnerability (CNVD-2024-47712)
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. An out-of-bounds read vulnerability exists in Apache NimBLE, which can be...
CVE-2024-47249 Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects...
PT-2024-34712 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of HCI Number Of Completed Packets, which could lead to out-of-bound access when...