45 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-52918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last...
CVE-2026-31771
A flaw was found in the Linux kernel's Bluetooth subsystem. A remote attacker could exploit a missing bounds check by sending a specially crafted, short Bluetooth Host Controller Interface HCI event frame. This could lead to a buffer overflow, potentially allowing the attacker to cause a denial o...
ROS-20260129-73-0013
A vulnerability in the OBEX protocol implementation of the Bluetooth protocol stack for Linux BlueZ is related to reading outside the valid range. Exploitation of the vulnerability could allow a remote attacker to gain access to protected information...
CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...
Siemens SIMATIC S7-1500 Use After Free (CVE-2023-40283)
An issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Linux Distros Unpatched Vulnerability : CVE-2025-39983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix UAF in hciconntxdequeue This fixes the following UAF caused by not...
Siemens SIMATIC Devices Race Condition (CVE-2024-24857)
A race condition was found in the Linux kernel's net/bluetooth device driver in conninfomin,maxageset function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2016-3744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the createpbuf function in btif/src/btifhh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before...
CVE-2025-38593 Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
Linux Distros Unpatched Vulnerability : CVE-2025-38473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: Fix null-ptr-deref in l2capsockresumecb syzbot reported null-ptr-deref in l2capsockresumecb. 0 l2capsockresumecb has a similar problem that was fixed...
The vulnerability of the vhciFlush() function in the include/linux/skbuff.h library of the Linux Bluetooth kernel component allows a attacker to execute arbitrary code, gain elevated privileges, or cause a service failure.
The vulnerability of the vhciFlush function in the include/linux/skbuff.h library of the Linux Bluetooth kernel component is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code, increase their privileges, or cause service...
Linux Distros Unpatched Vulnerability : CVE-2020-25661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw...
Linux Distros Unpatched Vulnerability : CVE-2024-24860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition was found in the Linux kernel's bluetooth device driver in min,maxkeysizeset function. This can result in a null pointer dereference issue,...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the hci_get_random_address() function in the Linux operating system’s Bluetooth kernel component allows a hacker to induce a service failure.
The vulnerability of the hcigetrandomaddress function in the Linux operating system’s Bluetooth kernel component is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the btintel_pcie_setup_hdev() function in the Linux kernel’s Bluetooth device support driver allows a hacker to cause a service failure.
The vulnerability of the btintelpciesetuphdev function in the Linux kernel’s Bluetooth device support driver is related to improper control of resource identifiers “resource injection”. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to improper error handling in the function isoinit in net/bluetooth/iso.c. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the scosocksetsockopt function in the Linux kernel’s Bluetooth component is related to read misses beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the rfcommsocksetsockoptold and rfcommsocksetsockopt functions of the Linux kernel’s Bluetooth component is related to read-off-bounds errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the hci_unregister_dev() function (net/bluetooth/hci_core.c) in the Linux operating system’s Bluetooth kernel driver allows a attacker to cause a service failure.
The vulnerability of the hciunregisterdev function net/bluetooth/hcicore.c in the Linux operating system’s Bluetooth kernel driver is related to improper resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...