23 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46186
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...
Linux Distros Unpatched Vulnerability : CVE-2026-46123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against th...
CVE-2026-46123
A flaw was found in the Linux kernel's virtio Bluetooth virtiobt driver. A malicious or faulty virtualized Bluetooth device could send a specially crafted message with an incorrect length. This could lead to the kernel reading uninitialized memory, potentially exposing sensitive information from...
CVE-2026-46186
A flaw was found in the Linux kernel's virtiobt Bluetooth virtual device driver. An untrusted backend can exploit this vulnerability by sending malformed Bluetooth packets with an insufficient header length. This can cause the system to read uninitialized kernel memory, potentially leading to...
UBUNTU-CVE-2026-46186
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
UBUNTU-CVE-2026-46123
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...
CVE-2026-46186
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
CVE-2026-46186
The CVE-2026-46186 issue affects the Linux kernel Bluetooth virtio_bt driver. In virtbt_rx_handle(), the driver reads the leading pkt_type from the RX skb and forwards the remaining payload to hci_recv_frame() for all packet types (event/ACL/SCO/ISO) without verifying that the payload is large en...
EUVD-2026-32813
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of clamping on the rx length in the Bluetooth virtiobt module. This vulnerability may le...
PT-2026-44309
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio bt: validate rx pkt type header length virtbt rx handle reads the leading pkt type byte from the RX skb and forwards the remainder to hci recv frame for every event/ACL/SCO/ISO type, without checking that the...
Linux Distros Unpatched Vulnerability : CVE-2022-26878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed. CVE-2022-26878 Note that...
SUSE CVE-2022-26878
drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed...
USN-5383-1: Linux kernel vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex...
USN-5383-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex...
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
...
Linux Kernel VirtIO Bluetooth driver denial of service vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A denial of service vulnerability exists in the Linux Kernel VirtIO Bluetooth driver, which is caused by a memory leak in the VirtIO Bluetooth driver memory leak in driver/Bluetooth/VirtIObt.c. A local...
CVE-2022-26878
drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed...
AZL-9066 CVE-2022-26878 affecting package kernel for versions less than 5.15.32.1-2
drivers/bluetooth/virtiobt.c in the Linux kernel before 5.16.3 has a memory leak socket buffers have memory allocated but not freed...