PT-2025-52995

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's Bluetooth implementation within the hci conn component. Specifically, the hci connect sco and hci connect cis functions were returning NULL when a lin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rtl8xxxu driver not properly handling C2H messages, which could lead to a memory leak...

PT-2025-51708

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci core component. The issue relates to improper locking mechanisms when handling Bluetooth...

EUVD-2023-60156

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fix a potential out-of-bound memory access If xdbcbulkwrite fails, the values in 'buf' can be anything. So the string is not guaranteed to be NULL terminated when xdbctrace is called. Reserve an extra byte,...

Bluetooth: hci_event: validate skb length for unknown CC opcode

...

CVE-2023-53828 Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports use-after-free in hciaddadvmonitor. While adding an adv monitor, hciaddadvmonitor calls - msftaddmonitorpattern calls - msftaddmonitorsync calls -...

SUSE CVE-2025-40308

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN:...

CVE-2025-40301

No description is available for this CVE. Mitigation To mitigate this issue, disable the Bluetooth kernel module if Bluetooth functionality is not required. This can be achieved by blacklisting the bluetooth module. Create a file named /etc/modprobe.d/disable-bluetooth.conf with the following...

EUVD-2022-55684

In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: 101.165172 drm Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1 101.213360 gud 2-3.2:1.0: drm fb1: guddrmfb frame buffer device 101.213426 usbcore:...

UBUNTU-CVE-2023-53760

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq-cqlock deadlock issue When ufshcderrhandler is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcdhandlemcqcqevents and also in ufsmtkmcqintr. The following...

PT-2025-49447

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the Bluetooth implementation in the Linux kernel, specifically in the hci cmd sync dequeue once function. This function performs a lookup and cancellation ...

Linux Distros Unpatched Vulnerability : CVE-2023-53760

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ufs: core: mcq: Fix &hwq-cqlock deadlock issue When ufshcderrhandler is executed, CQ event interrupt can enter waiting for the same lock. This can happen...

PT-2026-2513

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the USB PHY driver for Freescale fsl-usb within the Linux kernel. The vulnerability occurs due to a race condition during device removal where a delayed...

kernel: Bluetooth: Fix potential use-after-free when clear keys

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hciremoveltk/hciremoveirk". We can not access k after kfreercu call...

CLSA-2025-1763722365 kernel: Fix of 62 CVEs

wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 CVE-2023-53226 - wifi: mac80211: check S1G action frame size CVE-2023-53257 CVE-2023-53257 - wifi: cfg80211: fix use-after-free in cmpbss CVE-2025-39864 CVE-2025-39864 - partitions: mac: fix handling of bogus partition...

Bluetooth: When HCI work queue is drained, only queue chained work

...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43883)

usb: vhci-hcd: vulnerability due to the vhci-hcd driver dropping references before new ones were gained, potentially leading to the use of stale pointers. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCIEVNUMCOMPPKTS event, the function hciconntxdequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...

kernel: Linux kernel: Denial of Service in Bluetooth HCI UART driver via null pointer dereference

A flaw was found in the Linux kernel's Bluetooth HCI UART driver. A race condition exists where the hciuartwritework function may attempt to access uninitialized private data if a TTY write wakeup occurs during the protocol initialization phase. This can lead to a NULL pointer dereference,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990523)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990523 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...