39 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-39860
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: Fix use-after-free in l2capsockcleanuplisten syzbot reported the splat below without a repro. In the splat, a single thread calling btacceptdequeue...
DEBIAN-CVE-2022-50386
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following trace: Bluetooth: l2capcore.c:static void l2capchandestroystruct kref kref Bluetooth: chan...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in l2caplecommandrej...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference in the l2capsockresumecb function...
CVE-2025-5477
Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth devi...
CVE-2025-5477
Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth devi...
(Pwn2Own) Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Do not leave a dangling sk pointer after an error in l2capsockcreate. The btsockalloc function allocates the sk object and attaches it to the provided sock object. If an error occurs in l2capsockalloc, the sk...
UBUNTU-CVE-2024-49950
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2capconnect Syzbot reported BUG: KASAN: slab-use-after-free in l2capconnect.constprop.0+0x10d8/0x1270 net/bluetooth/l2capcore.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CP...
PT-2023-33271 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.161 Description: The issue is related to a potential security vulnerability in the Bluetooth L2CAP protocol, specifically an u8 overflow. The actual impact and attack plausibility have not yet been proven...
PT-2023-33079 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.15 Description: The issue is related to a potential security vulnerability in the Bluetooth L2CAP protocol, specifically an u8 overflow. The actual impact and attack plausibility have not yet been proven...
PT-2022-36358 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.10.135 through 5.10.153 Description: A use-after-free issue exists in the l2cap conn del function of the Bluetooth L2CAP protocol. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
PT-2022-35827 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to a user-after-free problem in the Bluetooth L2CAP protocol. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
CVE-2022-41873
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...
Out-of-bounds
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...
CVE-2022-41873 Out-of-bounds read and write in BLE L2CAP module
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...
DEBIAN-CVE-2012-6544
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...
PT-2011-3903 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0 Description: The issue is caused by an integer underflow in the l2cap config req function, which can lead to a denial of service due to heap memory corruption or possibly have other unspecified impacts. This...
kernel: bluetooth: potential bad memory access with sysfs files
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service memory corruption via a large number of Bluetooth sockets, related to the size of sysfs files in 1 net/bluetooth/l2cap.c, 2 net/bluetooth/rfcomm/core.c, 3...