Bluetooth: virtio_bt: clamp rx length before skb_put

...

Bluetooth: virtio_bt: validate rx pkt_type header length

...

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

Linux Distros Unpatched Vulnerability : CVE-2026-46123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against th...

CVE-2026-46123

A flaw was found in the Linux kernel's virtio Bluetooth virtiobt driver. A malicious or faulty virtualized Bluetooth device could send a specially crafted message with an incorrect length. This could lead to the kernel reading uninitialized memory, potentially exposing sensitive information from...

CVE-2026-46186

A flaw was found in the Linux kernel's virtiobt Bluetooth virtual device driver. An untrusted backend can exploit this vulnerability by sending malformed Bluetooth packets with an insufficient header length. This can cause the system to read uninitialized kernel memory, potentially leading to...

UBUNTU-CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

UBUNTU-CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

EUVD-2026-32813

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

CVE-2026-46186

Summary: CVE-2026-46186 affects the Linux kernel Bluetooth virtio_bt driver. The vulnerability arises in virtbt_rx_handle(), which reads the leading pkt_type byte from RX skb and forwards the rest to hci_recv_frame() for multiple packet types without validating that the remaining payload is large...

CVE-2026-46186

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of clamping on the rx length in the Bluetooth virtiobt module. This vulnerability may le...

PT-2026-44309

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The virtbt rx handle function in the Bluetooth virtio bt driver fails to validate that the remaining payload length is sufficient to cover the fixed HCI header for the selected packet ty...

Linux Distros Unpatched Vulnerability : CVE-2022-26878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed. CVE-2022-26878 Note that...

SUSE CVE-2022-26878

drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed...

The vulnerability in the function of drivers/bluetooth/virtio_bt.c in the Linux kernel allows a hacker to cause a service failure.

The vulnerability in the driver/bluetooth/virtiobt.c file of the Linux kernel is related to memory release errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

USN-5383-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex...

USN-5383-1: Linux kernel vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex...

drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).

...