25 matches found
Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
...
SUSE CVE-2026-46056
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...
CVE-2026-46056
A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...
EUVD-2026-32438
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: fix potential UAF in SSP passkey handlers hciconn lookup and field access must be covered by hdev lock in hciuserpasskeynotifyevt and hcikeypressnotifyevt, otherwise the connection can be freed concurrently...
CVE-2026-46056
Bluetooth: hcievent: fix potential UAF in SSP passkey handlers...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a potential issue with the SSP password key handling function in Bluetooth hcievent, allowing for the...
SUSE CVE-2024-27416
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix handling of HCIEVIOCAPAREQUEST If we received HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generate...
UBUNTU-CVE-2024-27416
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix handling of HCIEVIOCAPAREQUEST If we received HCIEVIOCAPAREQUEST while HCIOPREADREMOTEEXTFEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generate...
kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses
A flaw was found in Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4. This issue may allow certain man-in-the-middle attacks that force a short key length and might lead to discovery of the encryption key and live...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6742-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6742-1 advisory. Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an...
SUSE CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
The vulnerability in the implementation of Secure Connections Pairing and Secure Simple Pairing according to the Bluetooth Core Specification allows a attacker to carry out a “man-in-the-middle” attack.
The vulnerability of the Secure Connections Pairing and Secure Simple Pairing implementations in the Bluetooth Core Specification relates to the retrieval of session keys upon accessing a channel from a non-endpoint. Exploiting this vulnerability could allow an attacker to carry out a...
DEBIAN-CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
UBUNTU-CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
CVE-2023-24023
CVE-2023-24023 describes a Bluetooth BR/EDR MITM vulnerability (BLUFFS) where Secure Simple Pairing and Secure Connections in Bluetooth Core 4.2–5.4 can be forced to use short keys, potentially enabling encryption-key discovery and live injection. Connected IBM/AS/Android material confirms the sa...
CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...