Oracle Linux 8 : kernel (ELSA-2026-2720)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2720 advisory. - Bluetooth: hcievent: Fix checking conn for leconncompleteevt David Marlin RHEL-137111 CVE-2023-53762 - Bluetooth: hcisync: Fix UAF in...

AZL-68276 CVE-2024-56591 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...

CVE-2024-56591

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Use disabledelayedworksync This makes use of disabledelayedworksync instead canceldelayedworksync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding...

CVE-2024-50029 Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

CVE-2024-50029 Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix UAF in hcienhancedsetupsync This checks if the ACL connection remains valid as it could be destroyed while hcienhancedsetupsync is pending on cmdsync leading to the following trace: BUG: KASAN:...

CVE-2024-36968

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2capleflowctlinit l2capleflowctlinit can cause both div-by-zero and an integer overflow since hdev-lemtu may not fall in the valid range. Move MTU from hcidev to hciconn to validate MTU and...

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2capleflowctlinit l2capleflowctlinit can cause both div-by-zero and an integer overflow since hdev-lemtu may not fall in the valid range. Move MTU from hcidev to hciconn to validate MTU and...

CVE-2024-36968

CVE-2024-36968 (Linux kernel) : A Bluetooth L2CAP issue in the kernel could cause div-by-zero and integer overflow due to hdev->le_mtu potentially being out of range. The fix moves MTU validation from hci_dev to hci_conn, halting connection setup when MTU is invalid, and adds validation in rea...

GSD-2023-1001932 Bluetooth: hci_conn: Fix memory leaks

Bluetooth: hciconn: Fix memory leaks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.9 by commit f51a825b9f730a782aa768454906b4468e67b667, ...