7 matches found
ROS-20260114-7302
A vulnerability in the rfcommsockalloc function of the net/bluetooth/rfcomm/sock.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to incorrect blocking of resources in the function rfcommsockioctl. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2023-53016
CVE-2023-53016 concerns a potential deadlock in the Linux kernel Bluetooth rfcomm path. The issue arises when rfcomm_sock_connect holds the sk lock while waiting for the rfcomm lock, and rfcomm_sock_release may hold the rfcomm lock and attempt to acquire the sk lock, creating a deadlock scenario....
AZL-55611 CVE-2024-56604 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches allocated sk object to the provided sock object. If rfcommdlcalloc fails, we release the sk object, but leave the dangling pointer in th...
DEBIAN-CVE-2013-3225
The rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
UBUNTU-CVE-2013-3225
The rfcommsockrecvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
kernel: bluetooth: potential bad memory access with sysfs files
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service memory corruption via a large number of Bluetooth sockets, related to the size of sysfs files in 1 net/bluetooth/l2cap.c, 2 net/bluetooth/rfcomm/core.c, 3...