CVE-2026-43018
HIGHBluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage.
References (6)
Core 6
Core References
Scores
CVSS v3
8.8
EPSS
0.0026
EPSS Percentile
17.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (21)
linux/Kernel
5.17.0 - 6.1.168linux
linux/Kernel
6.13.0 - 6.18.22linux
linux/Kernel
6.19.0 - 6.19.12linux
linux/Kernel
6.2.0 - 6.6.134linux
linux/Kernel
6.7.0 - 6.12.81linux
Linux/Linux
< 5.17
Linux/Linux
5.17
Linux/Linux
6.1.168 - 6.1.*
Linux/Linux
6.12.81 - 6.12.*
Linux/Linux
6.18.22 - 6.18.*
... and 11 more
Published
May 01, 2026
Tracked Since
May 01, 2026