CVE-2026-43019

HIGH7.8

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

Published May 1, 2026

Modified 6 days ago

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently.

Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.

References

WEB

https://git.kernel.org/stable/c/66d432e9b45bae7881ffcdb12cd8fd0bf254ef02

WEB

https://git.kernel.org/stable/c/7d568fede8eac91161a60b710aa920abe9b0fb9f

WEB

https://git.kernel.org/stable/c/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c

WEB

https://git.kernel.org/stable/c/bad65b4b0a96139f023eadc28a33125963208449

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-43019

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 1, 2026

ModifiedMay 23, 2026

CVE-2026-43019 | Mondoo Vulnerability Intelligence