Vudentz

#20400 of 53,630
12.6 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2021-7413
6.1
2021-08-31
Bluez · Bluez · CVE-2021-41229
**Name of the Vulnerable Software and Affected Versions**
BlueZ (affected versions not specified)

**Description**
A memory leak issue exists in the `sdp_cstate_alloc_buf` function of the BlueZ Bluetooth protocol stack for Linux. This function allocates memory that remains in the singly linked list of cstates and is not freed, causing a memory leak over time. An attacker can exploit this by continuously sending SDP packets, potentially causing the service of the target device to crash due to the large object size.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-7330
6.5
2021-06-24
Bluez · Bluez · CVE-2021-3658
**Name of the Vulnerable Software and Affected Versions**
BlueZ (affected versions not specified)

**Description**
The issue is related to the incorrect saving of the Discoverable status of Bluetooth adapters when a device is powered down, which is then restored when the device is powered on again. If a device is powered down while in a discoverable state, it will remain discoverable when powered on, potentially exposing the Bluetooth stack to nearby attackers. This could lead to the inadvertent exposure of confidential data.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.