DEBIAN-CVE-2024-38620

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCIAMP support Since BTHS has been remove HCIAMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP an...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the Bluetooth:HCI module removing HCIAMP support...

SUSE CVE-2023-52766

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hcidmairqhandler Do not loop over ring headers in hcidmairqhandler that are not allocated and enabled in hcidmainit. Otherwise out of bounds access will occur from rings-headersi...

UBUNTU-CVE-2024-36950

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until busresetwork has serviced and cleared the...

Bluetooth: Fix memory leak in hci_req_sync_complete()

...

DEBIAN-CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

UBUNTU-CVE-2024-26964

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhcimapurbfordma Currently xhcimapurbfordma creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzallocnode fails, then the following sgpcopytobuffer can lead to...

kernel: Bluetooth: hci_sync: fix memory leak in hci_update_adv_data()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix memory leak in hciupdateadvdata When hcicmdsyncqueue failed in hciupdateadvdata, instptr is not freed, which will cause memory leak, convert to use ERRPTR/PTRERR to pass the instance to callback so no memo...

kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c

An out-of-bounds OOB memory access flaw was found in net/bluetooth/hcisync.c due to a missing exit patch while in loop in ampinit1 and ampinit2. This issue could allow an attacker to leak internal kernel information...

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

DEBIAN-CVE-2024-26659

In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes su...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets due to a memory corruption when processing IOCTL FM HCI WRITE requests...

The vulnerabilities of HCI (Host Controller Interface) and SCI interfaces, which operate according to the IEC 60870-5-104 standard, and are found in Hitachi Energy RTU500 programmable logic controllers, allow a perpetrator to trigger a service failure.

The vulnerabilities of HCI Host Controller Interface and SCI interfaces, which operate according to the IEC 60870-5-104 standard, in Hitachi Energy RTU500 programmable logic controllers, are related to insufficient verification of input data. Exploiting these vulnerabilities can allow an attacker...

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

PT-2023-17780 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btm ble process periodic adv sync lost evt function of ble scanner hci interface.cc. This could lead to local information disclosure,...

CVE-2021-3329

Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack...

SUSE CVE-2012-6544

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...

CVE-2023-0396

A malicious / defective bluetooth controller can cause buffer overreads in the most functions that process HCI command responses...

QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU's USB xHCI controller that stems from the presence of an infinite loop flaw. An attacker could exploit...

CVE-2022-28613

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The...