Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 2026/06/04 3:55 p.m.7 views

kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: Fixed a UAF in lereadfeaturescomplete. This fix addresses the issue where the hciconn variable was freed before lereadfeaturescomplete, but after hcilereadremotefeaturessync. As a result, hciconndel -...

8.8CVSS5.9AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 10:54 a.m.10 views

CVE-2026-43322

A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.12 views

SUSE CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS5.7AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28606

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

5.8AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 2:16 p.m.34 views

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS0.00219EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.10 views

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:31 p.m.6 views

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

5.7AI score0.00219EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.54 views

CVE-2026-43322 Bluetooth: hci_sync: Fix UAF in le_read_features_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS0.00219EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 1:31 p.m.20 views

CVE-2026-43322

CVE-2026-43322 is a Linux kernel vulnerability in Bluetooth HCI sync handling (le_read_features_complete). The issue is a use-after-free (UAF) caused by freeing hci_conn after le_read_features_complete has been initiated but before it completes, allowing hci_cmd_sync_dequeue to fail to prevent th...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 1:31 p.m.10 views

CVE-2026-43322

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...

8.8CVSS5.7AI score0.00219EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-38973

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the Bluetooth component of the Linux kernel. The problem occurs in the le read features complete function when hci conn is freed after hci le read...

8.8CVSS7.6AI score0.00219EPSS
Exploits0References29
Rows per page
Query Builder