69 matches found
EUVD-2026-45747
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...
CVE-2026-63974
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...
CVE-2026-63974 Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...
PT-2026-61261
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix UAF in hci le create cis sync hci le create cis sync dereferences conn-conn timeout after releasing both rcu read lock and hci dev lockhdev. The conn pointer was obtained from an RCU-protected iteration...
CVE-2026-53209
A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the hcisync component. This vulnerability occurs when the hciadvbcastannoucement function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum...
CVE-2026-53209
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...
UBUNTU-CVE-2026-53209
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...
CVE-2026-53209
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...
CVE-2026-53209
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fixed the dereferencing of a null pointer in hcisyncconnCompleteEvt. This event is only specified for SCO and eSCO link types. Upon receiving a HCISynchronousConnectionComplete event for a BDADDR of an existing LE...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Use RCU for hciconnparams and iterate safely in hcisync. hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events within the loop body, without holding the hdev...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a memory leak in hcireqsyncComplete In the function hcireqsyncComplete, always free the previous sync request state before assigning a reference to a new one...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. The hcicmdsyncqueueonce function needs to indicate whether a queue item was added, so that the caller can know if...
Linux Distros Unpatched Vulnerability : CVE-2026-43322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace...
EUVD-2026-28606
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322 Bluetooth: hci_sync: Fix UAF in le_read_features_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
PT-2026-38973
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the Bluetooth component of the Linux kernel. The problem occurs in the le read features complete function when hci conn is freed after hci le read...
SUSE CVE-2026-43021
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: annotate data-races around hdev-reqstatus hcicmdsyncsk sets hdev-reqstatus under hdev-reqlock: hdev-reqstatus = HCIREQPEND; However, several other functions read or write hdev-reqstatus without holding any loc...