15 matches found
UBUNTU-CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43021
A flaw was found in the Bluetooth hcisync component of the Linux kernel. When the hcicmdsyncqueueonce function fails, the associated destroy callback is not invoked, leading to memory and reference leaks. This continuous leakage of resources could eventually result in a Denial of Service DoS...
CVE-2026-43022
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: hcicmdsyncqueueonce return -EEXIST if exists hcicmdsyncqueueonce needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Change the...
CVE-2026-43021 Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns with error, the destroy callback will not be called. Fix leaking references / memory on these failures...
Oracle Linux 8 : kernel (ELSA-2026-2720)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2720 advisory. - Bluetooth: hcievent: Fix checking conn for leconncompleteevt David Marlin RHEL-137111 CVE-2023-53762 - Bluetooth: hcisync: Fix UAF in...
kernel: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
A use-after-free flaw was found in hcicmdsyncdequeueonce in net/bluetooth/hcisync.c in Bluetooth: hcisync in Linux Kernel. This vulnerability could even lead to a kernel information leak problem...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of post-release reuse of Bluetooth hcisync...
EUVD-2025-201627
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete the same entry, leading to double listd...
CVE-2023-53762 Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...
CVE-2025-40318
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete the same entry, leading to double listd...
CVE-2025-40318 Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete the same entry, leading to double listd...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the Bluetooth: hcisync module in the hcidiscoveryfilterclear function that could lead to a double release...
CVE-2023-53017
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix memory leak in hciupdateadvdata When hcicmdsyncqueue failed in hciupdateadvdata, instptr is not freed, which will cause memory leak, convert to use ERRPTR/PTRERR to pass the instance to callback so no memo...
GSD-2022-1001082 Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set
Bluetooth: hcisync: Fix queuing commands when HCIUNREGISTER is set This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...