CVE-2026-43059

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description List corruption and Use-After-Free (UAF) issues exist in the Bluetooth MGMT command complete handlers. These issues stem from a change in the mgmt pending valid() function, which validates and unlinks pending commands from the pending list. In mgmt add adv patterns monitor complete(), the use of mgmt pending remove() after mgmt pending valid() causes a double list del(), leading to list corruption or kernel panic. Additionally, in set mesh complete(), the use of mgmt pending foreach() in the error path incorrectly targets other pending mesh commands, potentially freeing them while they are being processed concurrently, which results in UAFs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.