665 matches found
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-49979: net: fix refcount bug in skpsockget bsc1245109. CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2026-23239: espintcp: Fix race condition in...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013...
RockyLinux 9 : kernel (RLSA-2026:21556)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect()
A flaw was found in the Linux kernel, specifically within its Bluetooth Synchronous Connection-Oriented SCO component. This vulnerability occurs due to race conditions when multiple connection attempts are made simultaneously on the same Bluetooth socket. This can lead to a use-after-free error,...
kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed issues with dangling scoconn objects and use-after-free in scosocktimeout. Consecutively connecting the same socket twice in scosockconnect could lead to a race condition, where two scoconn objects are created...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fixed race conditions in scosockconnect The scosockconnect function checks skstate and sktype without holding the socket lock. Two concurrent connect system calls on the same socket can both pass the check and ent...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: In hcievent, there is a callback for call disconnect that is called before the connection is deleted. In hcicsdisconnect, we call hciconndel even if the disconnection fails. Connections using ISO, L2CAP, and SCO rel...
CentOS 9 : kernel-5.14.0-701.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-701.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - limit RX SG extraction by receive buffer budget Mak...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on scoconnfree BUG: KASAN: slab-use-after-free in scoconnfree net/bluetooth/sco.c:87 inline BUG: KASAN: slab-use-after-free in krefput include/linux/kref.h:65 inline BUG: KASAN: slab-use-after-free in...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is established and then, the sco socket is releasing, timeoutwork will be scheduled to judge whether the sco disconnection is timeout. The sock...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: return ERRPTR instead of NULL when there is no link hciconnectsco currently returns NULL when there is no link i.e. when hciconnlink returns NULL. scoconnect expects an ERRPTR in case of any error see line 266...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Disable SCO support if READVOICESETTING is not supported/broken. A SCO connection with incorrect voice settings can cause the controller to lock up...
Astra Linux - уязвимость в linux, linux-5.10
A flaw after-free usage in the function scosocksendmsg of the Linux kernel’s HCI subsystem was discovered. This flaw allows a privileged local user to exploit it to crash the system or escalate their privileges on the system. This flaw triggers a race condition when the user calls ioct...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported scosocksetsockopt is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49...
Linux Distros Unpatched Vulnerability : CVE-2026-43023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls ...
CVE-2026-43023
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...
CVE-2026-43023
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in scosockconnect scosockconnect checks skstate and sktype without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter scoconnect,...
CVE-2026-43023
CVE-2026-43023 affects the Linux kernel Bluetooth SCO path. A race condition in sco_sock_connect() allows two concurrent connect() attempts on the same socket to bypass locks, leading to use-after-free and potential socket/state corruption (BT_OPEN -> BT_CONNECT with zombie sk). The issue is d...