
24 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed use-after-free bugs caused by sco_sock_timeout. When the sco connection is established, the sco sock is released. At that time, timeout_work is scheduled to determine whether the sco disconnection is timed out. T...

CVSS 7.8, AI score 6.5, EPSS 0.00757
Exploits: 1, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw in the function sco_sock_sendmsg of the Linux kernel’s HCI subsystem was discovered. This flaw allows a privileged local user to exploit it to crash the system or escalate their privileges on the system. This flaw triggers a race condition when the user calls ioct...

CVSS 7, AI score 6.6, EPSS 0.00373
Exploits: 1, References: 2
NVD
added 2026/05/01 3:16 p.m., 3 views

CVE-2026-43023

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect. sco_sock_connect checks sk_state and sk_type without holding the socket lock. Two concurrent connect syscalls on the same socket can both pass the check and enter sco_connect,...

CVSS 7.8, EPSS 0.00097
Exploits: 0, References: 6
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001579)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001579 advisory. A flaw use-after-free in function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way user calls ioctl UFFDIO_REGISTER or other way triggers race...

CVSS 7, AI score 6.4, EPSS 0.00373
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-23168

Malware in sbrugna...

CVSS 7.2, AI score 6.6, EPSS 0.00273
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/07 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987284)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987284 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket...

CVSS 7.8, AI score 5.9, EPSS 0.00258
Exploits: 0, References: 4
RedHat Linux
added 2025/05/13 8:28 a.m., 1 views

kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout. When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock...

CVSS 7.8, AI score 6.4, EPSS 0.00757
Exploits: 1, References: 5
BDU FSTEC
added 2025/04/14 12:0 a.m., 6 views

The vulnerability of the sco_sock_connect() function in the net/bluetooth/sco.c module of the Linux kernel’s Bluetooth subsystem allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the sco_sock_connect function in the net/bluetooth/sco.c module of the Linux Bluetooth subsystem is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

CVSS 7.8, AI score 6.5, EPSS 0.00258
Exploits: 0, References: 24, Affected Software: 4
BDU FSTEC
added 2025/03/27 12:0 a.m., 5 views

The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure

The vulnerability of the sco_sock_setsockopt function in the Linux kernel’s Bluetooth component is related to read misses beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.5, EPSS 0.00237
Exploits: 0, References: 12, Affected Software: 7
OSV
added 2025/02/26 7:1 a.m., 1 views

DEBIAN-CVE-2022-49474

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket twice consecutively in sco_sock_connect could lead to a race condition where two sco_conn objects are created but only one is associated...

CVSS 7.8, AI score 5.6, EPSS 0.00258
Exploits: 0, References: 1
OSV
added 2025/02/26 7:1 a.m., 2 views

UBUNTU-CVE-2022-49474

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout. Connecting the same socket twice consecutively in sco_sock_connect could lead to a race condition where two sco_conn objects are created but only one is associated...

CVSS 7.8, AI score 6.2, EPSS 0.00258
Exploits: 0, References: 12
Amazon
added 2025/02/04 12:0 a.m., 6 views

Important: kernel

Issue Overview: A flaw use-after-free in function sco_sock_sendmsg of the Linux kernel HCI subsystem was found in the way user calls ioctl UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del together with the call sco_sock_sendmsg with the expected controllable faulting memory...

CVSS 7.8, AI score 6.3, EPSS 0.01215
Exploits: 2
BDU FSTEC
added 2024/11/22 12:0 a.m., 6 views

The vulnerability of the sco_sock_timeout() function in the Linux operating system’s Bluetooth kernel implementation allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sco_sock_timeout function in the net/bluetooth/sco.c module of the Linux operating system’s Bluetooth kernel implementation is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

CVSS 7.8, AI score 7.2, EPSS 0.0023
Exploits: 0, References: 17, Affected Software: 5
SUSE CVE
added 2024/11/06 3:48 a.m., 2 views

SUSE CVE-2024-50125

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout. conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list...

CVSS 7.1, AI score 6.5, EPSS 0.0023
Exploits: 0, References: 64
OSV
added 2024/11/05 6:15 p.m., 1 views

DEBIAN-CVE-2024-50125

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout. conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list...

CVSS 7.8, AI score 6.2, EPSS 0.0023
Exploits: 0, References: 1
OSV
added 2024/11/05 6:15 p.m., 6 views

AZL-52461 CVE-2024-50125 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout. conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list...

CVSS 7.8, AI score 6.7, EPSS 0.0023
Exploits: 0, References: 1
OSV
added 2024/11/05 6:15 p.m., 1 views

UBUNTU-CVE-2024-50125

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout. conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list...

CVSS 7.8, AI score 6.5, EPSS 0.0023
Exploits: 0, References: 29
SUSE Linux
added 2024/10/31 10:33 a.m., 2 views

Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-15020024191 fixes several issues. The following security issues were fixed: CVE-2021-47600: dm btree remove: fix use after free in rebalance_children (bsc#1227472). CVE-2021-47598: sch_cake: do not call cake_destroy from cake_init (bsc#1227471). CVE-2023-52752: smb:...

CVSS 7.8, AI score 7.9, EPSS 0.01166
Exploits: 2, References: 68
OSV
added 2024/05/14 3:12 p.m., 3 views

DEBIAN-CVE-2024-27398

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout. When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock...

CVSS 7.8, AI score 5.7, EPSS 0.00757
Exploits: 1, References: 1
OSV
added 2024/05/14 3:12 p.m., 0 views

UBUNTU-CVE-2024-27398

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout. When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock...

CVSS 7.8, AI score 6.2, EPSS 0.00757
Exploits: 1, References: 24