Lucene search
K

230 matches found

Cvelist
Cvelist
added 2026/06/30 4:29 p.m.37 views

CVE-2026-10654 RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS0.00128EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol- specific structs without validating skb-len first. A...

8.1CVSS6.1AI score0.00283EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.7 views

SUSE CVE-2026-53254

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

8.1CVSS5.9AI score0.00283EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.7 views

SUSE CVE-2026-53256

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

8CVSS5.8AI score0.00266EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:37 a.m.7 views

CVE-2026-53254

A flaw was found in the Linux kernel's Bluetooth RFCOMM Radio Frequency Communication subsystem. A malicious remote device could exploit this vulnerability by sending specially crafted, truncated Multiplexing Control Channel MCC frames. This lack of proper validation of incoming data length befor...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53256

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

8CVSS0.00266EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:39 a.m.24 views

CVE-2026-53256

CVE-2026-53256 concerns the Linux kernel Bluetooth RFCOMM implementation. A race in rfcomm_connect_ind() can cause a use-after-free when handling listener sockets: rfcomm_get_sock_by_channel() may drop the list lock without holding a reference, and subsequent operations may free the listener befo...

8CVSS5.7AI score0.00266EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.32 views

CVE-2026-53256 Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in rfcommconnectind rfcommgetsockbychannel scans rfcommsklist under the list lock, but returns the selected listener after dropping that lock without taking a reference. rfcommconnectind th...

8CVSS0.00266EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53254

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

5.7AI score0.00283EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39205

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

5.8AI score0.00283EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53254

The CVE-2026-53254 issue affects the Linux kernel Bluetooth RFCOMM MCC handlers, which cast skb data to protocol-specific structs without validating skb->len. A malicious remote device could send truncated MCC frames, causing out-of-bounds reads. The fix is to validate and access required data...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52349

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description RFCOMM MCC handlers cast skb-data to protocol-specific structs without first validating skb-len. This allows a malicious remote device to send truncated MCC frames, triggering...

8.1CVSS6.1AI score0.00283EPSS
Exploits0References20
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2026-33776

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00083EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.14 views

CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00083EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

ASB-A-380091558

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00083EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

A NULL pointer dereference vulnerability exists in the Linux kernel on Linux, x86, and ARM platforms including networking and Bluetooth modules. This vulnerability is related to the /net/bluetooth/rfcomm/core.C file. This issue affects the Linux kernel version v2.6.12-rc2...

6.3CVSS6.6AI score0.00615EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fixed a possible deadlock in rfcommskstatechange. syzbot reports a possible deadlock in rfcommskstatechange 1. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsockrelease might acquire...

5.5CVSS6.2AI score0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 1:12 p.m.37 views

CLSA-2026-1777614769 kernel: Fix of 13 CVEs

crypto: algifaead - Fix minimum RX size check for decryption - crypto: afalg - Fix page reassignment overflow in afalgpulltsgl - crypto: authencesn - Fix src offset when decrypting in-place - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - crypto: authenc - use...

7.8CVSS7.4AI score0.00258EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013348 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to u...

3.3CVSS5.6AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 12:0 a.m.24 views

CVE-2026-31280

CVE-2026-31280 affects Parani M10 Motorcycle Intercom (v2.1.3) via the Bluetooth Classic RFCOMM service. Multiple sources describe an unauthenticated Denial of Service caused by sending crafted RFCOMM frames, leading to a device crash. The NVD and Red Hat entries corroborate the same impact; expl...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References3
Rows per page
Query Builder