Google Android Bluetooth hci_len Heap Buffer Overflow Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). A heap buffer overflow vulnerability exists in the parsing of Bluetooth packet lengths in Google Android. The vulnerability stems from a failure to properly validat...
CVE-2018-19860
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecified other devices does not properly restrict LMP commands and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...
UBUNTU-CVE-2019-0161
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access...
USN-3619-1: Linux kernel vulnerabilities
Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a...
A vulnerability in the Android CAF-release operating system, stemming from insufficient validation of input data, in which the command length is improperly checked.
The vulnerability of the Android CAF-release operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a malicious actor to improperly verify the length of the HCI command remotely...
Google Android Qualcomm Wconnect Unauthorized Operation Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), and Qualcomm Wconnect is one of Qualcomm's tools for connecting PCs to cell phones. A security vulnerability exists in Qualcomm Wconnect for Android, which stems from a failure of...
Qemu: usb: xhci infinite recursive call via xhci_kick_ep
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing...
DEBIAN-CVE-2017-9374
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device...
UBUNTU-CVE-2016-2391
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers...
FreeBSD : qemu -- denial of service vulnerability in USB EHCI emulation support (60cb2055-b1b8-11e5-9728-002590263bf5)
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous...
qemu -- denial of service vulnerability in USB EHCI emulation support
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface (EHCI) and a respective device driver. These two communicate via an isochronous...
Apple MAC OS X Bluetooth HCI Interface Memory Corruption Vulnerability
Apple Mac OS X is a commercial operating system. A memory corruption vulnerability exists in Apple Mac OS X's handling of the Bluetooth HCI interface, which could allow an attacker to run a malicious application to execute arbitrary code...
(Mobile Pwn2Own) Google Android Bluetooth Forced Pairing Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Android. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth application stack allowing for arbitrary Host Controller Interface comman...
UBUNTU-CVE-2014-3185
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) v...
Kernel: Bluetooth: HCI & L2CAP information leaks
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation...