CVE-2026-43023

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Bluetooth SCO component. The function sco sock connect() performs checks on sk state and sk type without holding the socket lock. This allows two concurrent connect() system calls on the same socket to pass the checks and enter sco connect(), which can lead to a use-after-free scenario. In this situation, a socket that has been closed and zapped can be revived to a connecting state, causing a double sock put() during cleanup and leaking connections.

Recommendations As a temporary workaround, restrict the use of the sco sock connect() function until a patch is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.