604 matches found
USN-6465-2 linux-raspi vulnerabilities
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service system crash. CVE-2023-31083 Lin Ma discovered that the Netlink...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
SUSE CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
UBUNTU-CVE-2023-4010
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010 Kernel: usb: hcd: malformed usb descriptor leads to infinite loop in usb_giveback_urb()
A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usbgivebackurb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descripto...
CVE-2023-4010
CVE-2023-4010 reports a denial-of-service in the Linux kernel USB Host Controller Driver (framework) specifically in usb_giveback_urb. The description indicates a logic error in the goto-condition can cause the function to loop indefinitely when presented with a malformed descriptor, leading to D...
PT-2023-4073
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb giveback urb function has a logic loophole in its implementation, causing it to fall into an...
PT-2025-40716
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s wifi subsystem, specifically within the rtw88 driver. The issue involves a potential crash and memory leak during driver unloading. This occurs becaus...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
kernel: usb: xhci_plat_remove: avoid NULL dereference
In the Linux kernel, the following vulnerability has been resolved: usb: xhciplatremove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a "usb: host: xhci-plat: omit shared hcd if either root hub has no ports" xhci-sharedhcd can be NULL, which causes the following Oops...
kernel: xhci: Fix null pointer dereference in remove if xHC has only one roothub
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists one roothub This causes a null...
kernel: Bluetooth: When HCI work queue is drained, only queue chained work
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drainworkqueue before resetting...
kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...
kernel: usb: host: ohci-ppc-of: Fix refcount leak bug
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohcihcdppcofprobe, offindcompatiblenode will return a node pointer with refcount incremented. We should use ofnodeput when it is not used anymore...
kernel: xhci: Fix null pointer dereference in remove if xHC has only one roothub
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists one roothub This causes a null...
PT-2023-17780 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btm ble process periodic adv sync lost evt function of ble scanner hci interface.cc. This could lead to local information disclosure,...
RHEL 9 : kernel (RHSA-2023:0951)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0951 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free caused by...
AlmaLinux 9 : kernel-rt (ALSA-2023:0979)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0979 advisory. - An out-of-bounds memory access flaw was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way a user triggers the...