25 matches found
EUVD-2026-38939
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...
SUSE CVE-2026-31510
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2capsockreadycb Before using sk pointer, check if it is null. Fix the following: KASAN: null-ptr-deref in range 0x0000000000000260-0x0000000000000267 CPU: 0 UID: 0 PID: 5985 Comm:...
EUVD-2026-24872
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdulen infinite loop l2capconfigreq processes CONFIGREQ for channels in BTCONNECTED state to support L2CAP reconfiguration e.g. MTU changes. However, since both CONFINPUTDONE and...
CVE-2025-32062 Stack Buffer Overflow leading to RCE in Bluetooth stack of Infotainment ECU
The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on th...
CVE-2025-32062
CVE-2025-32062 describes a stack-based buffer overflow in the Bluetooth stack by Alps Alpine for the Bosch Infotainment ECU. The issue stems from improper boundary validation of user-supplied data on a specific L2CAP packet, enabling remote code execution with root privileges. First identified on...
SUSE CVE-2023-53827
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2capdisconnectreq,rsp Similar to commit d0be8347c623 "Bluetooth: L2CAP: Fix use-after-free caused by l2capchanput", just use l2capchanholdunlesszero to prevent referencing a channel that i...
EUVD-2021-26778
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986436)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986436 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix use-after-free in l2capconndel When l2caprecvframe is invoked to receive...
EUVD-2021-7420
Malicious code in bioql PyPI...
CVE-2022-50386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...
CVE-2022-50386 Bluetooth: L2CAP: Fix user-after-free
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...
CVE-2022-50386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...
CVE-2025-5476
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-5476 Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-5476
CVE-2025-5476 describes an authentication bypass in the Sony XAV-AX8500 car multimedia receiver via Bluetooth. The root cause is improper isolation of ACL-U links, caused by a lack of L2CAP channel isolation, enabling network-adjacent attackers to bypass authentication on affected devices. Public...
(Pwn2Own) Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel...
The vulnerability of the l2cap_chan_timeout() function in the Linux kernel’s Bluetooth subsystem allows a hacker to trigger a service failure.
The vulnerability of the l2capchantimeout function in the net/bluetooth/l2capcore.c module of the Linux kernel’s Bluetooth subsystem is related to the swapping of the zero pointer due to concurrent access to resources race condition. Exploiting this vulnerability could allow a attacker to cause...
DEBIAN-CVE-2021-47038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hcidev-lock and socket lock Commit eab2404ba798 "Bluetooth: Add BTPHY socket option" added a dependency between socket lock and hcidev-lock that could lead to deadlock. It turns out that...
PT-2022-35751 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: The issue is related to the Bluetooth L2CAP protocol in the Linux Kernel. It involves the initialization of delayed works at the l2cap chan create function. The actual impact and attack...
Design/Logic Flaw
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions = 2.4.0, = 2.5.0 contain Use After Free CWE-416. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp...