VYPR

Bluetooth

by Toshiba

CVEs (28)

  • CVE-2026-8676HigMay 26, 2026
    risk 0.57cvss 8.8epss 0.00

    An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.

  • CVE-2026-21011MedApr 13, 2026
    risk 0.44cvss 6.8epss 0.00

    Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.

  • CVE-2019-8921MedNov 29, 2021
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting…

  • CVE-2016-3839MedAug 5, 2016
    risk 0.36cvss 5.5epss 0.00

    Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug…

  • CVE-2024-0045Mar 11, 2024
    risk 0.00cvss epss 0.00

    In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0016Feb 16, 2024
    risk 0.00cvss epss 0.00

    In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-0030Feb 16, 2024
    risk 0.00cvss epss 0.00

    In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40080Dec 4, 2023
    risk 0.00cvss epss 0.00

    In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21380Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21361Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21314Oct 30, 2023
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-40129Oct 27, 2023
    risk 0.00cvss epss 0.00

    In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35684Sep 11, 2023
    risk 0.00cvss epss 0.00

    In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35681Sep 11, 2023
    risk 0.00cvss epss 0.01

    In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35666Sep 11, 2023
    risk 0.00cvss epss 0.00

    In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-35658Sep 11, 2023
    risk 0.00cvss epss 0.00

    In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21273Aug 14, 2023
    risk 0.00cvss epss 0.00

    In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-21250Jul 12, 2023
    risk 0.00cvss epss 0.01

    In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2022-21767Jul 6, 2022
    risk 0.00cvss epss 0.00

    In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.

  • CVE-2022-30725Jun 7, 2022
    risk 0.00cvss epss 0.00

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Page 1 of 2