29 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci_conn: now returns ERR_PTR instead of NULL when there is no link. hci_connect_sco currently returns NULL when there is no link, i.e., when hci_conn_link returns NULL. sco_connect expects ERR_PTR in case of any error see...
CVE-2026-43023
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect. sco_sock_connect checks sk_state and sk_type without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter sco_connect,...
SUSE-SU-2026:21341-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues. The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
SUSE-SU-2026:21316-1 Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues. The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010941)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010941 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free. BUG: KASAN: slab-use-after-free in sco_conn_free...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013036)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013036 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free. BUG: KASAN: slab-use-after-free in sco_conn_free...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001579)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001579 advisory. A flaw use-after-free in function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way user calls ioctl UFFDIO_REGISTER or other way triggers race...
CVE-2023-54038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link. hci_connect_sco currently returns NULL when there is no link, i.e. when hci_conn_link returns NULL. sco_connect expects an ERR_PTR in case of any error see line 266...
UBUNTU-CVE-2023-54038
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link. hci_connect_sco currently returns NULL when there is no link, i.e. when hci_conn_link returns NULL. sco_connect expects an ERR_PTR in case of any error see line 266...
PT-2025-52995
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's Bluetooth implementation within the hci_conn component. Specifically, the hci_connect_sco and hci_connect_cis functions were returning NULL when a lin...
EUVD-2025-201636
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free. BUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline] BUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline] BUG: KASAN: slab-use-after-free in...
DEBIAN-CVE-2025-40309
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free. BUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline] BUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline] BUG: KASAN: slab-use-after-free in...
UBUNTU-CVE-2025-40309
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free. BUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline] BUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline] BUG: KASAN: slab-use-after-free in...
CVE-2025-40309
No technical details publicly available in the provided documents for CVE-2025-40309 beyond the summary. Monitor for vendor advisories or updated connected documents to determine affected products, impact, and fixes.
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990098)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990098 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988975)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988975 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986451)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986451 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket...
EUVD-2025-19764
Malicious code in bioql PyPI...
PT-2025-49441
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc5-g717368f83676 4. Description: The Linux kernel contains a use-after-free issue within the Bluetooth Subclass Offset SCO component. This flaw is related to improper handling of memory freeing during SCO...
SUSE CVE-2025-38099
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken. A SCO connection without the proper voice_setting can cause the controller to lock up...