CVE-2026-43019
Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
3rd
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently.

Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.
| Vendor | linux |
| Product | linux |
| Ecosystems | |
| Industries | Technology |
| Published | May 1, 2026 |
| Last Updated | May 23, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
Linux / Linux
a091289218202bc09d9b9caa8afcde1018584aec < 66d432e9b45bae7881ffcdb12cd8fd0bf254ef02
a091289218202bc09d9b9caa8afcde1018584aec < 7d568fede8eac91161a60b710aa920abe9b0fb9f
a091289218202bc09d9b9caa8afcde1018584aec < bad65b4b0a96139f023eadc28a33125963208449
a091289218202bc09d9b9caa8afcde1018584aec < a2639a7f0f5bf7d73f337f8f077c19415c62ed2c
3a273cd0f47dd672d37736e623849374f9ab9ce9
d8570c4c3f2a3e51b3c8b5e6ec898364c5c03062
6.4.16 < 6.5
6.5.3 < 6.6
Linux / Linux
6.6
References
git.kernel.org: https://git.kernel.org/stable/c/66d432e9b45bae7881ffcdb12cd8fd0bf254ef02
git.kernel.org: https://git.kernel.org/stable/c/7d568fede8eac91161a60b710aa920abe9b0fb9f
git.kernel.org: https://git.kernel.org/stable/c/bad65b4b0a96139f023eadc28a33125963208449
git.kernel.org: https://git.kernel.org/stable/c/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c