๐Ÿ” CVE Alert

CVE-2026-46056

HIGH 8.8

Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connection can be freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage in both handlers. Keep the existing keypress notification behavior unchanged by routing the early exits through a common unlock path.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published May 27, 2026
Last Updated Jun 1, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
92a25256f142d55e25f9959441cea6ddeabae57e < b6ae482f88654db407c8c17619d4b62959b903ef 92a25256f142d55e25f9959441cea6ddeabae57e < 204028af77a265e31ceb4ba7f643349a3cca72b2 92a25256f142d55e25f9959441cea6ddeabae57e < 01a6431766c35dfedb86e0cb5d3fc80c6d604a47 92a25256f142d55e25f9959441cea6ddeabae57e < e08d75753db17aa943d7622f09d9c217b5bfd3b8 92a25256f142d55e25f9959441cea6ddeabae57e < 8c6443bb9257b780986fb67ec08565bf48ecb8d7 92a25256f142d55e25f9959441cea6ddeabae57e < 85fa3512048793076eef658f66489112dcc91993
Linux / Linux
3.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/b6ae482f88654db407c8c17619d4b62959b903ef git.kernel.org: https://git.kernel.org/stable/c/204028af77a265e31ceb4ba7f643349a3cca72b2 git.kernel.org: https://git.kernel.org/stable/c/01a6431766c35dfedb86e0cb5d3fc80c6d604a47 git.kernel.org: https://git.kernel.org/stable/c/e08d75753db17aa943d7622f09d9c217b5bfd3b8 git.kernel.org: https://git.kernel.org/stable/c/8c6443bb9257b780986fb67ec08565bf48ecb8d7 git.kernel.org: https://git.kernel.org/stable/c/85fa3512048793076eef658f66489112dcc91993