CVE-2026-53072

UNKNOWN 0.0

Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER When protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls hci_connect_cfm(conn) without hdev->lock. Generally hci_connect_cfm() assumes it is held, and if conn is deleted concurrently -> UAF. Only SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen, and HCI_EV_CONN_REQUEST is not generated for ISO. In the non-deferred listening socket code paths, hci_connect_cfm(conn) is called with hdev->lock held. Fix by holding the lock.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

70c464256310e1c3716099b9d02ece4169272f73 < 60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4 70c464256310e1c3716099b9d02ece4169272f73 < 9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e 70c464256310e1c3716099b9d02ece4169272f73 < c7777f534a8018ae4bb1c80d8925af4df588a314 70c464256310e1c3716099b9d02ece4169272f73 < 6b4d226d01ab7da0d2027a2a1e3a6079152e5065 70c464256310e1c3716099b9d02ece4169272f73 < 541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f 70c464256310e1c3716099b9d02ece4169272f73 < 385b2d0468a0871fc716c549fa3b0c257c7dbcb3 70c464256310e1c3716099b9d02ece4169272f73 < c27224daf0b08efbb2b24ed64b6139b294f5473a 70c464256310e1c3716099b9d02ece4169272f73 < 5c7209a341ff2ac338b2b0375c34a307b37c9ac2

Linux / Linux

3.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗