bluetooth security

Microsoft has published an advisory for CVE-2026-23671: a kernel‑level race condition in the Windows Bluetooth RFCOM Protocol Driver that can be abused by a locally authenticated, low‑privilege user to escalate to SYSTEM — and Microsoft’s update guidance indicates fixes were released on March...

A newly disclosed Linux-kernel vulnerability in the Bluetooth L2CAP implementation — tracked as CVE-2025-21969 — is a slab use-after-free in l2cap_send_cmd that can trigger kernel memory corruption and sustained denial-of-service, and it has been fixed upstream by synchronizing the HCI receive...

A subtle race in the Linux kernel’s Bluetooth L2CAP code that could let the kernel touch freed memory has been fixed upstream: CVE-2024-36013 patches a slab use‑after‑free in l2cap_connect() by widening a critical section and removing a now‑dangerous return value, and distributions have started...

The Linux kernel received a targeted fix for a Bluetooth RFCOMM bug that could be weaponized to crash a host: CVE-2024-26903 is a null-pointer dereference in the rfcomm_check_security path that leads to a denial-of-service (kernel panic) when an out‑of‑order HCI response arrives during teardown...

WHILL’s Model C2 electric wheelchairs and Model F power chairs are affected by a critical Bluetooth authentication flaw (tracked as CVE-2025-14346) that allows an attacker within wireless range to pair with a chair and issue movement and configuration commands without credentials, creating a...

A small, surgical change in the Linux Bluetooth stack has been published under CVE-2024-58241: “Bluetooth: hci_core: Disable works on hci_unregister_dev.” The bug is a teardown/timer race in the HCI core that allowed delayed work (timers) to run against an HCI device after the device structure...

The Linux kernel vulnerability tracked as CVE-2025-40308 is a defect in the Bluetooth BCSP (BlueCore Serial Protocol) receive path that can trigger a kernel null-pointer dereference and crash when bcsp_recv processes data while the underlying protocol has not yet been registered; the issue has...

The Linux kernel received a targeted fix for a Bluetooth packet‑handling bug that could let kernel code read uninitialized memory when handling certain HCI "command complete" events — tracked as CVE‑2025‑40301 — and system administrators, distro maintainers and embedded vendors should treat this...

A recently published Linux kernel security advisory, tracked as CVE‑2024‑56591, fixes a flaw in the Bluetooth stack that could allow a local actor to trigger a destructive condition during connection teardown; Microsoft’s Security Response Center (MSRC) has attested that Azure Linux images...

Microsoft’s brief advisory on CVE-2025-38303 confirms that Microsoft’s Azure Linux images include the upstream Linux Bluetooth code that was patched for the eir_create_adv_data crash, and Microsoft says it will update the CVE/VEX/CSAF product mapping if additional Microsoft products are later...

Windows Swift Pair has rapidly become a notable feature for users hoping to simplify the once-cumbersome task of connecting Bluetooth devices to their PCs. Gone are the days when manually navigating complex Bluetooth settings was a frustrating, multi-step process fraught with pitfalls. Instead...

Windows 11, as of version 22H2, supports Bluetooth Core Specification version 5.3, encompassing a comprehensive range of profiles and protocols to facilitate diverse wireless functionalities. Core Specification Support: Host Controller Interface (HCI): Facilitates communication between the host...

Understanding CVE-2021-1683: A Security Barrier Breached What is CVE-2021-1683? CVE-2021-1683 refers to a vulnerability within the Windows Bluetooth stack that fundamentally compromises the security features designed to protect users from unauthorized access. Specifically, this is categorized as...