CVE-2026-43018

HIGH

Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage.

Scores

CVSS v3 8.8
EPSS 0.0026
EPSS Percentile 17.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (21)
linux/Kernel 5.17.0 - 6.1.168linux
linux/Kernel 6.13.0 - 6.18.22linux
linux/Kernel 6.19.0 - 6.19.12linux
linux/Kernel 6.2.0 - 6.6.134linux
linux/Kernel 6.7.0 - 6.12.81linux
Linux/Linux < 5.17
Linux/Linux 5.17
Linux/Linux 6.1.168 - 6.1.*
Linux/Linux 6.12.81 - 6.12.*
Linux/Linux 6.18.22 - 6.18.*
... and 11 more
Published May 01, 2026
Tracked Since May 01, 2026