Lucene search
K

615 matches found

OSV
OSV
added 2026/07/02 3:17 p.m.4 views

UBUNTU-CVE-2026-53357

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

5.8AI score0.00165EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/02 1:43 p.m.6 views

EUVD-2026-41372

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

7.8CVSS5.8AI score0.00165EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth L2CAP socket cleanup process. The problem occurs during a race condition between l2cap sock cleanup listen and l2cap conn del. Specifically...

6AI score0.00165EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:19 a.m.16 views

Bluetooth: fix memory leak in error path of hci_alloc_dev()

...

5.5CVSS5.8AI score0.00136EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:11 a.m.8 views

Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

...

7.8CVSS5.8AI score0.00138EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 1:22 a.m.9 views

CVE-2026-53252

A flaw was found in the Linux kernel's Bluetooth subsystem. Specifically, an issue in the error handling path of the hciallocdev function within the Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART configuration can lead to a memory leak. This occurs when...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.5 views

CVE-2026-53073

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI Universal Asynchronous Receiver/Transmitter UART driver. When the hciregisterdev function fails, a flag indicating protocol initialization is not properly cleared. This oversight allows incoming UART data to be process...

7CVSS5.7AI score0.00172EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39227

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hciconn pointer In isosockrebindbc, the bis pointer is cached, then the socket lock is dropped: bis = isopisk-conn-hcon; / Release the socket before lookups since that requires hcidevlo...

5.7AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53251 Bluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53251

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not releasing hdev reference on isoconnbigsync hcigetroute returns a reference-counted hcidev pointer via hcidevhold. The function exits normally or with an error without ever releasing it...

5.7AI score0.00127EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53251

CVE-2026-53251: Linux kernel Bluetooth ISO path vulnerability where hci_get_route() leaks a reference-counted hci_dev pointer (via hci_dev_hold()) on exit, without releasing it. Documented as a resource leak that can contribute to a Denial of Service. Several advisories indicate patches exist (e....

5.5CVSS5.7AI score0.00127EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52371

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth ISO implementation. In the iso sock rebind bc function, the bis pointer is cached and the socket lock is subsequently dropped. A concurrent...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.4 views

PT-2026-52347

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Bluetooth HCI UART configuration during early failures in the hci alloc dev function. When device initialization fails before hci register dev completes, the...

5.5CVSS6.1AI score0.00136EPSS
Exploits0References20
CVE
CVE
added 2026/06/24 4:30 p.m.12 views

CVE-2026-53072

The CVE-2026-53072 vulnerability affects the Linux kernel Bluetooth subsystem, specifically hci_conn_request_evt() when HCI_PROTO_DEFER is active. The issue arises because hci_connect_cfm(conn) is called without holding hdev->lock, breaking the expected lock discipline and allowing a Use-After...

8.8CVSS5.8AI score0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth component where HCI UART PROTO INIT is not cleared when hci register dev fails within the hci uart register dev function. This failure allows incoming UA...

6AI score0.00172EPSS
Exploits0References17
Microsoft CVE
Microsoft CVE
added 2026/06/10 8:3 a.m.6 views

Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths

...

7.8CVSS5.8AI score0.00185EPSS
Exploits1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from reuse and race conditions in the path of Bluetooth hciuart’s shutdown and initialization processe...

7.8CVSS5.3AI score0.00185EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.7 views

kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 3:50 p.m.14 views

EUVD-2026-34129

In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state machine work may still be active. Timer callbacks can schedule smwork...

5.7AI score0.00121EPSS
Exploits0References7
CVE
CVE
added 2026/05/28 9:36 a.m.23 views

CVE-2026-46186

Summary: CVE-2026-46186 affects the Linux kernel Bluetooth virtio_bt driver. The vulnerability arises in virtbt_rx_handle(), which reads the leading pkt_type byte from RX skb and forwards the rest to hci_recv_frame() for multiple packet types without validating that the remaining payload is large...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder