
23 matches found

EUVD
added 2026/04/24 2:42 p.m., 0 views

EUVD-2026-25522

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks. In nfc_llcp_recv_hdlc and nfc_llcp_recv_disc, when the socket state is LLCP_CLOSED, the code correctly calls release_sock and nfc_llcp_sock_put but fails to return. Execution falls throu...

AI score 5.5, EPSS 0.00051
Exploits 0, References 4
ATTACKERKB
added 2026/04/24 2:42 p.m., 1 views

CVE-2026-31629

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks. In nfc_llcp_recv_hdlc and nfc_llcp_recv_disc, when the socket state is LLCP_CLOSED, the code correctly calls release_sock and nfc_llcp_sock_put but fails to return. Execution falls throu...

CVSS 8.8, AI score 5.5, EPSS 0.00051
Exploits 0, References 7, Affected Software 1
CVE
added 2026/04/24 2:42 p.m., 7 views

CVE-2026-31629

The CVE-2026-31629 vulnerability affects the Linux kernel NFC LLCP subsystem. Specifically, in nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly releases resources but lacks an early return, causing fall-through to subsequent release calls. Th...

CVSS 8.8, AI score 5.5, EPSS 0.00051
Exploits 0, References 9, Affected Software 1
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003774)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003774 advisory. In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege wi...

CVSS 7.8, AI score 7.6, EPSS 0.00069
Exploits 0, References 6
CVE
added 2025/12/15 7:42 p.m., 5 views

CVE-2025-12035

CVE-2025-12035 covers an integer overflow in the Bluetooth Host stack (bt_br_acl_recv) affecting BR/EDR L2CAP inbound processing in Zephyr’s Bluetooth implementation. The Red Hat/NVD/CVE listings describe the same issue; PT security entry notes affected Bluetooth host stack and the specific bt_br...

CVSS 6.5, AI score 6.8, EPSS 0.00024
Exploits 0, References 1
Microsoft CVE
added 2025/09/20 1:1 a.m., 1 views

nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies

...

CVSS 7.1, AI score 7, EPSS 0.00014
Exploits 0
OSV
added 2025/04/01 4:15 p.m., 1 views

DEBIAN-CVE-2025-21969

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd. After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to...

CVSS 7.8, AI score 5.9, EPSS 0.00035
Exploits 0, References 1
SUSE CVE
added 2024/07/10 3:36 a.m., 3 views

SUSE CVE-2024-6501

A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service...

CVSS 3.1, AI score 6.5, EPSS 0.00082
Exploits 0, References 4
ATTACKERKB
added 2023/09/05 7:15 a.m., 3 views

CVE-2023-41910

An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c...

CVSS 9.8, AI score 5.8, EPSS 0.00154
Exploits 0, References 5
CNNVD
added 2023/01/26 12:0 a.m., 17 views

Contiki-NG Buffer Error Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT (Internet of Things) devices. A buffer error vulnerability exists in Contiki-NG version 4.8 and prior versions, which stems from an out-of-bounds write in the BLE-L2CAP module...

CVSS 8.2, AI score 7.5, EPSS 0.0008
Exploits 0, References 4
Positive Technologies
added 2023/01/11 12:0 a.m., 1 views

PT-2023-1278 · Cisco · Cisco Webex Room Phone +1

Name of the Vulnerable Software and Affected Versions: Cisco Webex Room Phone (affected versions not specified); Cisco Webex Share (affected versions not specified). Description: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature could allow an unauthenticated, adjacent attacker to cause...

CVSS 6.5, AI score 6.5, EPSS 0.00107
Exploits 0, References 4
Positive Technologies
added 2022/12/16 12:0 a.m., 2 views

PT-2022-26196 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG versions prior to 4.9. Description: The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack that is vulnerable to a NULL Pointer Dereference in the BLE L2CAP module. An attacker can inject a packet into...

CVSS 6.5, AI score 6.3, EPSS 0.00055
Exploits 0, References 5
CNNVD
added 2022/10/05 12:0 a.m., 1 views

Cisco ATA 190 Buffer Error Vulnerability

The Cisco ATA 190 is an analog telephone adapter from Cisco. The Cisco ATA 190 Series has a buffer error vulnerability that stems from multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP). These vulnerabilities could allow an attacker to execute code,...

CVSS 5.3, AI score 5.8, EPSS 0.00277
Exploits 0, References 3
CNNVD
added 2022/05/11 12:0 a.m., 1 views

TRENDnet TI-PG1284i Code Issue Vulnerability

The TRENDnet TI-PG Series is a series of switches from TRENDnet. A security vulnerability exists in TRENDnet TI-PG1284i versions prior to 2.0.2.S0, which can be exploited by an attacker to crash a process by sending a crafted LLDP packet to the device...

CVSS 7.5, AI score 7.3, EPSS 0.00458
Exploits 0, References 2
Amazon
added 2022/01/28 12:0 a.m., 5 views

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcp_sock_bind function. This flaw allows a local user to crash or escalate their privileges on the system. CVE-2020-25670 A...

CVSS 8.8, AI score 7.5, EPSS 0.03757
Exploits 14
CNNVD
added 2021/10/06 12:0 a.m., 1 views

Cisco Small Business 220 Series Smart Switches Buffer Error Vulnerability

The Cisco Small Business 220 Series Smart Switches is a small smart switch device from Cisco USA. A buffer error vulnerability exists in the Cisco Small Business 220 Series Smart Switches, which can be exploited by an attacker to execute code on an affected device or cause the code to be...

CVSS 8.8, AI score 8.4, EPSS 0.00139
Exploits 0, References 5
CNNVD
added 2021/06/03 12:0 a.m., 1 views

Cisco Video Surveillance Manager Resource Management Error Vulnerability

Cisco Video Surveillance Manager (VSM) is a suite of video surveillance manager software from Cisco. It provides a browser-based user interface for collecting, managing, recording, archiving, and categorizing video from multiple third-party video encoders and IP cameras. A resource management error...

CVSS 6.5, AI score 6.5, EPSS 0.00101
Exploits 0, References 4
RedHat Linux
added 2021/03/25 12:18 p.m., 2 views

lldpd: buffer overflow in the lldp_decode function in daemon/protocols/lldp.c

A buffer overflow was found in the lldp_decode function in daemon/protocols/lldp.c in lldpd. This flaw allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. This threatens the...

CVSS 9.8, AI score 6.4, EPSS 0.05555
Exploits 0, References 6
CNNVD
added 2020/12/17 12:0 a.m., 3 views

Phoenix Contact PLCnext Control Devices Input Validation Error Vulnerability

Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact. An input validation error vulnerability exists in Phoenix Contact PLCnext Control Devices prior to version 2021.0 LTS, which stems from a specially designed LLDP packet tha...

CVSS 6.5, AI score 6.6, EPSS 0.00084
Exploits 0, References 2
OSV
added 2019/06/19 8:15 p.m., 1 views

CVE-2019-2009

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0...

CVSS 8.8, AI score 6.3, EPSS 0.00161
Exploits 0, References 1