2 matches found
CVE-2023-53673 Bluetooth: hci_event: call disconnect callback before deleting conn
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: call disconnect callback before deleting conn In hcicsdisconnect, we do hciconndel even if disconnection failed. ISO, L2CAP and SCO connections refer to the hciconn without hciconnget, so disconncfm must be...
CVE-2022-49474
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling scoconn and use-after-free in scosocktimeout Connecting the same socket twice consecutively in scosockconnect could lead to a race condition where two scoconn objects are created but only one is associated...