12 matches found
kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete
A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: Fixed a UAF in lereadfeaturescomplete. This fix addresses the issue where the hciconn variable was freed before lereadfeaturescomplete, but after hcilereadremotefeaturessync. As a result, hciconndel -...
CVE-2026-43322
A flaw was found in the Bluetooth Host Controller Interface HCI synchronization module hcisync of the Linux kernel. A use-after-free UAF vulnerability exists in the lereadfeaturescomplete function, where a freed hciconn object is accessed. This can allow an attacker to cause a system crash, leadi...
SUSE CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
EUVD-2026-28606
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322 Bluetooth: hci_sync: Fix UAF in le_read_features_complete
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
CVE-2026-43322
CVE-2026-43322 is a Linux kernel vulnerability in Bluetooth HCI sync handling (le_read_features_complete). The issue is a use-after-free (UAF) caused by freeing hci_conn after le_read_features_complete has been initiated but before it completes, allowing hci_cmd_sync_dequeue to fail to prevent th...
CVE-2026-43322
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace caused by hciconn being freed before lereadfeaturescomplete but after hcilereadremotefeaturessync so hciconndel - hcicmdsyncdequeue is not...
PT-2026-38973
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free UAF issue exists in the Bluetooth component of the Linux kernel. The problem occurs in the le read features complete function when hci conn is freed after hci le read...