PT-2026-36436 · Linux · Linux Kernel

Published: 2026-03-29 · Updated: 2026-05-15 · CVE-2026-43019

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A Use-After-Free (UAF) issue exists in the Bluetooth component. In the set_cig_params_sync() function, the lookup and field access of hci_conn are not properly protected by the hdev lock, which could allow the object to be freed concurrently. Using only an RCU (Read-Copy-Update) lock is insufficient as it does not prevent configuration tearing.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-06507
CVE-2026-43019
OESA-2026-2312
OESA-2026-2313
OESA-2026-2314

Affected Products

Linux Kernel