CVE-2026-43019
Published: May 2, 2026Last modified: June 24, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently. Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.33-r0) |
| 25 LTS | linux-lts | Fixed (6.12.81-r0) | |
| Stream | linux-lts | Fixed (6.18.35-r1) |
References
- https://git.kernel.org/stable/c/66d432e9b45bae7881ffcdb12cd8fd0bf254ef02
- https://git.kernel.org/stable/c/7502c1cf303b69f71d085f5ff7251b0e1b0f09df
- https://git.kernel.org/stable/c/7d568fede8eac91161a60b710aa920abe9b0fb9f
- https://git.kernel.org/stable/c/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c
- https://git.kernel.org/stable/c/bad65b4b0a96139f023eadc28a33125963208449