CVE-2026-43019
Bluetooth UAF Fix in Linux Kernel HCI Connection
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's Bluetooth subsystem, specifically in the function set_cig_params_sync within hci_conn. The issue is a potential Use-After-Free (UAF) condition caused by improper locking. The hci_conn lookup and field access are not properly protected by the hdev lock, which can lead to the hci_conn object being freed or modified concurrently. The fix involves taking the hdev lock to prevent concurrent deletion or modification, as relying only on RCU locking is insufficient to avoid inconsistent configuration states.
How can this vulnerability impact me? :
This vulnerability can lead to a Use-After-Free condition in the Bluetooth subsystem of the Linux kernel. Such a condition may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the concurrent modification or deletion of Bluetooth connection objects.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the Bluetooth hci_conn use-after-free issue in set_cig_params_sync has been fixed.
Specifically, the fix involves taking the hdev lock to prevent concurrent deletion or modification of hci_conn, so applying the official kernel patch or upgrading to a patched kernel version is recommended.