HIGHCVE-2026-43019Published Modified CNA Linux
CVE-2026-43019: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
06.56.66.12.816.18.226.19.1266d432e9b45bae7881ffcdb12cd8fd0bf254ef027.07d568fede8eac91161a60b710aa920abe9b0fb9fa2639a7f0f5bf7d73f337f8f077c19415c62ed2cbad65b4b0a96139f023eadc28a33125963208449
Affected packages
- Linux / Linux< 66d432e9b45bae7881ffcdb12cd8fd0bf254ef02 (from a091289218202bc09d9b9caa8afcde1018584aec) · < 7d568fede8eac91161a60b710aa920abe9b0fb9f (from a091289218202bc09d9b9caa8afcde1018584aec) · < bad65b4b0a96139f023eadc28a33125963208449 (from a091289218202bc09d9b9caa8afcde1018584aec) · < a2639a7f0f5bf7d73f337f8f077c19415c62ed2c (from a091289218202bc09d9b9caa8afcde1018584aec) · 3a273cd0f47dd672d37736e623849374f9ab9ce9 · d8570c4c3f2a3e51b3c8b5e6ec898364c5c03062
- Linux / Linux6.6Fixed in 0, 6.12.81, 6.18.22, 6.19.12, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H