CVE-2026-43019

HIGH

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c

https://git.kernel.org/stable/c/66d432e9b45bae7881ffcdb12cd8fd0bf254ef02

https://git.kernel.org/stable/c/7d568fede8eac91161a60b710aa920abe9b0fb9f

https://git.kernel.org/stable/c/bad65b4b0a96139f023eadc28a33125963208449

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (18)

Linux/Linux < 6.6

Linux/Linux 3a273cd0f47dd672d37736e623849374f9ab9ce9

Linux/Linux 6.12.81 - 6.12.*

Linux/Linux 6.18.22 - 6.18.*

Linux/Linux 6.19.12 - 6.19.*

Linux/Linux 6.4.16 - 6.5

Linux/Linux 6.5.3 - 6.6

Linux/Linux 6.6

Linux/Linux 7.0

Linux/Linux a091289218202bc09d9b9caa8afcde1018584aec - 66d432e9b45bae7881ffcdb12cd8fd0bf254ef02

... and 8 more

Published May 01, 2026

Tracked Since May 01, 2026