Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.5 views

kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

7.8CVSS7.3AI score0.00142EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:35 a.m.11 views

EUVD-2026-32765

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix OOB read and infinite loop in hcilecreatebigcompleteevt hcilecreatebigcompleteevt iterates over BTBOUND connections for a BIG handle using a while loop, accessing ev-bishandlei++ on each iteration. Howeve...

5.7AI score0.00277EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.10 views

SUSE CVE-2026-31772

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...

7.8CVSS5.9AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.30 views

CVE-2026-31772 Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix stack buffer overflow in hcilebigcreatesync hcilebigcreatesync uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack with room for 0x11 17 BIS entries. However, conn-numbis can hold up to...

7.8CVSS0.00142EPSS
Exploits0References4
Rows per page
Query Builder