kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

CVE-2025-68135

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

SUSE CVE-2023-53673

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: call disconnect callback before deleting conn In hcicsdisconnect, we do hciconndel even if disconnection failed. ISO, L2CAP and SCO connections refer to the hciconn without hciconnget, so disconncfm must be...

CVE-2023-53673

The CVE-2023-53673 issue is a Linux kernel Bluetooth vulnerability in the hci_event path. In hci_cs_disconnect, hci_conn_del is called even when disconnection failed, and ISO/L2CAP/SCO can reference hci_conn without hci_conn_get, so disconn_cfm must be called to clean up the conn; otherwise a use...

SUSE CVE-2024-54460

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in isolistenbis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning isolistenbis, to avoid any potential deadlock with hdev lock. 75.307983...

kernel: Bluetooth: ISO: Fix UAF on iso_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on isosocktimeout conn-sk maybe have been unlinked/freed while waiting for isoconnlock so this checks if the conn-sk is still valid by checking if it part of isosklist...

NetBSD reference ISO protocol implementation multiple security vulnerabilities

Buffer overflows in different functions...

CVE-2007-1677

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnproute...