Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003720 advisory. An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hciuartregisterdev fails in hciuartsetproto in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002698 advisory. The vhcihcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation...

kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync

A flaw was found in the Linux kernel’s Bluetooth subsystem HCI. Specifically, in the function hciaclcreateconnsync and related path hcilecreateconnsync, a connection object in state BTOPEN that is still pending command submission may be freed prematurely, leading to a use-after-free condition. An...

CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

CVE-2025-53470 Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and thus severity is considered low. Users are...

EUVD-2026-1853

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

Apache NimBLE 缓冲区错误漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. A buffer error vulnerability exists in Apache NimBLE 1.8 and earlier versions,...

PT-2026-1815

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8 Description An out-of-bounds read issue exists in the Apache NimBLE HCI H4 driver. A specially crafted HCI event can cause an invalid memory read within the H4 driver. The issue is considered low severity as ...

PT-2026-1816

Name of the Vulnerable Software and Affected Versions Apache NimBLE versions through 1.8.0 Description A flaw exists in Apache NimBLE where missing validation of an HCI connection complete or HCI command TX buffer can result in a NULL pointer dereference. This issue requires disabled asserts and ...

CVE-2022-50809

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...

EUVD-2022-55889

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...

UBUNTU-CVE-2022-50809

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...

CVE-2023-54164

Technical details for CVE-2023-54164 are not provided in the supplied documents. Monitor for updates.

CVE-2022-50809 xhci: dbc: Fix memory leak in xhci_alloc_dbc()

In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...

CVE-2022-50809

In CVE-2022-50809, the Linux kernel vuln is a memory-leak in xhci_alloc_dbc() when DbC is already in use, where the xhci_dbc memory may not be freed before returning NULL. Concretely, the issue is triggered during DbC allocation and leads to a memleak as described in the public entries; multiple ...

PT-2025-53927

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the xhci alloc dbc function when Dynamic Backtrace Collection DbC is already in use. Specifically, if DbC is in use, the memory allocated for the xhci dbc struct ...

PT-2025-53951

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to Bluetooth handling. Specifically, the scheduling of work items within the Bluetooth HCI Host Controller Interface subsystem was flawed. A...

CVE-2023-53986

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...

UBUNTU-CVE-2023-53986

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: disable RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved instructio...