CVE-2026-23462

Name of the Vulnerable Software and Affected Versions Linux kernel versions 7.0.0-rc1 through 7.0.0-rc1

Description The Linux kernel contains a use-after-free (UAF) flaw within the Bluetooth HIDP subsystem. The issue arises from a failure to drop the l2cap conn reference when the user's remove callback is invoked, leading to a potential UAF condition. The provided trace indicates the vulnerability occurs during the disconnection process, specifically within the hci unregister dev and vhci release functions.

Recommendations Update to a newer version of the Linux kernel that addresses this issue.