RockyLinux 9 : kernel (RLSA-2026:21556)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to validate encsize when loading LTK in the Bluetooth MGMT protocol, which could result in a stack...

EUVD-2020-8591

Malware in sbrugna...

EUVD-2022-41351

Malicious code in bioql PyPI...

CVE-2020-16630

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairin...

PT-2023-17987 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the btu ble proc ltk req function of btu hcif.cc due to a missing bounds check. This could lead to local information disclosure, requiring Syste...

Code injection

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and after offline cracking retrieve the PIN and LTK long-term key...

CVE-2020-16630

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairin...

Stack overflow

TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that a victim mobile uses secure pairin...

CVE-2020-16630

The CVE-2020-16630 entry concerns TI’s BLE stack, where the Long-Term Key (LTK) property is cached and reused for bonded devices. A LTK can be unauthenticated (Just Works) or authenticated (Passkey Entry, Numeric Comparison, or OOB). If a victim mobile securely paired with a TI BLE device generat...

CVE-2019-19194

The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...

CVE-2019-2102

CVE-2019-2102 concerns a BLE LTK misconfiguration where a long-term key from the BLE spec example could be used as a hardcoded LTK. The initial description specifies Android as affected, listing Android 7.0 through 9.0, with an attacker in proximity capable of remotely injecting keystrokes on a p...

jurefs-fn-ltk-rv.de XSS vulnerability

Open Bug Bounty ID: OBB-456252 Description| Value ---|--- Affected Website:| jurefs-fn-ltk-rv.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Che...

crackle - Crack Bluetooth Smart (BLE) Encryption

crackle cracks BLE Encryption AKA Bluetooth Smart. crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK Temporary Key. With the TK and other data collected from the pairing process, the STK Short Term Key and later the LTK Long Ter...