1025 matches found
CVE-2026-53357
CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...
EUVD-2026-41372
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...
CVE-2026-10654
A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...
CVE-2026-53208 Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...
CVE-2026-53208
The CVE-2026-53208 entry concerns the Linux kernel Bluetooth subsystem: BR/EDR signaling packets are not enforcing MTUsig, allowing a remote BR/EDR peer within radio range (before pairing) to send a single 681-byte signaling packet containing multiple L2CAP_ECHO_REQ commands, which can trigger 16...
EUVD-2026-39299
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...
Linux Distros Unpatched Vulnerability : CVE-2026-53071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel...
EUVD-2026-38939
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in l2capecredreconfrsp l2capecredreconfrsp calls l2capchandel without holding l2capchanlock. Every other l2capchandel caller in the file acquires the lock first. A remote BLE device can sen...
PT-2026-51965
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth Logical Link Control and Adaptation Protocol L2CAP implementation. A remote Bluetooth Low Energy BLE device can trigger the issue by sending a specially...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel through version 6.0.10. In the l2capconfigreq function within net/bluetooth/l2capcore.c, there is an integer wraparound occurring when processing L2CAPCONFREQ packets...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability classified as critical was discovered in the Linux kernel. The vulnerability affects the function l2capreassemblesdu in the file net/bluetooth/l2capcore.c of the Bluetooth component. This vulnerability stems from improper memory management, leading to an attempt to reuse freed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed use-after-free issue. Fixed potential use-after-free in l2caplecommandrej...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
There are use-after-free vulnerabilities in the net/bluetooth/l2capcore.c files, specifically in the l2capconnect and l2capleconnectreq functions. These vulnerabilities may allow code execution and the leakage of kernel memory remotely via Bluetooth. A remote attacker can execute code that leaks...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
There is a known vulnerability in the l2capparseconfreq function of the Linux kernel’s net/bluetooth/l2capcore.c file, which can be exploited to remotely leak kernel pointers. We recommend upgrading to a later commit:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability, classified as critical, was discovered in the Linux kernel. The affected function is l2capconndel in the file net/bluetooth/l2capcore.c of the Bluetooth component. This vulnerability allows for exploitation after the memory allocation has been freed. It is recommended that patche...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: A stack-out-of-bounds read occurred in l2capecredconnreq. Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd, which is triggered by a malformed Enhanced Credit Based Connection Request. The...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed “use-after-free” issue This involves using l2capchanholdunlesszero after calling l2capgetchanblah to prevent the following error: Bluetooth: l2capcore.c: static void l2capchandestroystruct krefkref...
Astra Linux – Vulnerability in Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a division by zero issue in l2capleflowctlinit. l2capleflowctlinit may cause both a division by zero and an integer overflow, as hdev-lemtu may not fall within the valid range. The MTU value was moved...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fixed a memory leak in vhciwrite Syzkaller reported a memory leak as follows: ==================================== BUG: Memory leak Unreferenced object 0xffff88810d81ac00 size 240: ... Hex dump first 32 bytes: 0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a use-after-free caused by l2capreassemblesdu. Fixed a race condition between the following two processes that run parallelly: 1. l2capreassemblesdu - chan-ops-recv l2capsockrecvcb - sockqueuercvskb. 2...