CVE-2026-43019
HIGHBluetooth: hci_conn: fix potential UAF in set_cig_params_sync
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.
References (5)
Core 5
Core References
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (24)
linux/Kernel
6.13.0 - 6.18.22linux
linux/Kernel
6.19.0 - 6.19.12linux
linux/Kernel
6.6.0 - 6.6.143linux
linux/Kernel
6.7.0 - 6.12.81linux
Linux/Linux
< 6.6
Linux/Linux
3a273cd0f47dd672d37736e623849374f9ab9ce9
Linux/Linux
6.12.81 - 6.12.*
Linux/Linux
6.18.22 - 6.18.*
Linux/Linux
6.19.12 - 6.19.*
Linux/Linux
6.4.16 - 6.5
... and 14 more
Published
May 01, 2026
Tracked Since
May 01, 2026