Lucene search
+L

69 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-45747

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...

5.3AI score
Exploits0References5
NVD
NVD
added 4 hours ago3 views

CVE-2026-63974

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...

Exploits0References4
Cvelist
Cvelist
added 5 hours ago3 views

CVE-2026-63974 Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Set HCICMDDRAINWORKQUEUE during device close Since hcidevclosesync can now be called during the reset path, we should also set HCICMDDRAINWORKQUEUE. This avoids queuing timeouts while the hdev workqueue is bei...

Exploits0References4
Positive Technologies
Positive Technologies
added 20 hours ago4 views

PT-2026-61261

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci sync: fix UAF in hci le create cis sync hci le create cis sync dereferences conn-conn timeout after releasing both rcu read lock and hci dev lockhdev. The conn pointer was obtained from an RCU-protected iteration...

5.3AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 9:19 a.m.12 views

CVE-2026-53209

A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the hcisync component. This vulnerability occurs when the hciadvbcastannoucement function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum...

7.8CVSS5.8AI score0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.11 views

CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

7.8CVSS0.00138EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

6AI score0.00138EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hciadvbcastannoucement prepends the Broadcast Announcement service...

7.8CVSS5.8AI score0.00138EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fixed the dereferencing of a null pointer in hcisyncconnCompleteEvt. This event is only specified for SCO and eSCO link types. Upon receiving a HCISynchronousConnectionComplete event for a BDADDR of an existing LE...

5.5CVSS6.2AI score0.00249EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Use RCU for hciconnparams and iterate safely in hcisync. hciupdateacceptlistsync iterates over hdev-pendleconns and hdev-pendlereports, and waits for controller events within the loop body, without holding the hdev...

7.8CVSS6.5AI score0.00137EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a memory leak in hcireqsyncComplete In the function hcireqsyncComplete, always free the previous sync request state before assigning a reference to a new one...

5.5CVSS6.4AI score0.00279EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: If hcicmdsyncqueueonce returns -EEXIST, it indicates that a queue item already exists. The hcicmdsyncqueueonce function needs to indicate whether a queue item was added, so that the caller can know if...

5.5CVSS6AI score0.00107EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace...

8.8CVSS6.6AI score0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28606

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

5.8AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 2:16 p.m.34 views

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.56 views

CVE-2026-43322 Bluetooth: hci_sync: Fix UAF in le_read_features_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-38973

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the Bluetooth component of the Linux kernel. The problem occurs in the le read features complete function when hci conn is freed after hci le read...

8.8CVSS7.6AI score0.00219EPSS
Exploits0References29
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.11 views

SUSE CVE-2026-43021

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...

5.7AI score0.00107EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 7:40 a.m.2 views

CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: annotate data-races around hdev-reqstatus hcicmdsyncsk sets hdev-reqstatus under hdev-reqlock: hdev-reqstatus = HCIREQPEND; However, several other functions read or write hdev-reqstatus without holding any loc...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References7
Rows per page
Query Builder