PT-2026-37429 · Linux · Linux Kernel

Published: 2026-05-06 · Updated: 2026-05-07 · CVE-2026-43119 · Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A data race exists in the Bluetooth component involving the `hdev->req_status` variable. While `__hci_cmd_sync_sk()` modifies this variable under the `hdev->req_lock`, other functions—including `hci_send_cmd_sync()`, `hci_cmd_sync_complete()`, `hci_cmd_sync_cancel()`, `hci_cmd_sync_cancel_sync()`, and `hci_abort_conn()`—access it without holding a lock. Because these functions can execute concurrently on different CPUs across different workqueues, these plain C accesses create a data race. This can lead to undefined behavior due to compiler optimizations such as store reordering or load fusing in wait conditions.

Recommendations

Apply the updates that implement `READ_ONCE()` and `WRITE_ONCE()` annotations on all concurrent accesses to the `hdev->req_status` variable.
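The annotation pattern the recommendation describes, modeled in user-space C as an added example (not the kernel patch and not code from this page). `model_hdev`, `model_cmd_sync()`, `model_complete()`, the state values and the result 42 are constructed, and the two macros are simplified stand-ins for the kernel's `READ_ONCE()` and `WRITE_ONCE()`.

```c
/* User-space model of the access pattern; not kernel code. */
#include <pthread.h>
#include <sched.h>

/* Simplified stand-ins for the kernel macros: one volatile access each. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

enum { REQ_DONE, REQ_PEND };        /* constructed state values */

struct model_hdev {                 /* hypothetical stand-in for hdev */
    pthread_mutex_t req_lock;
    int req_status;
    int req_result;
};

/* Completion side: runs on another thread and touches req_status
 * without req_lock, so each access to it is marked. */
static void *model_complete(void *arg)
{
    struct model_hdev *hdev = arg;

    if (READ_ONCE(hdev->req_status) == REQ_PEND) {
        hdev->req_result = 42;      /* constructed result value */
        WRITE_ONCE(hdev->req_status, REQ_DONE);
    }
    return NULL;
}

/* Issuing side: sets PEND under req_lock, then waits for completion. */
int model_cmd_sync(int *result)
{
    struct model_hdev hdev = { .req_status = REQ_DONE };
    pthread_t worker;
    int status;

    pthread_mutex_init(&hdev.req_lock, NULL);
    pthread_mutex_lock(&hdev.req_lock);
    WRITE_ONCE(hdev.req_status, REQ_PEND);
    if (pthread_create(&worker, NULL, model_complete, &hdev) == 0) {
        /* READ_ONCE() forces a fresh load on every iteration. */
        while (READ_ONCE(hdev.req_status) == REQ_PEND)
            sched_yield();
        pthread_join(worker, NULL); /* orders req_result before the read */
    }
    status = READ_ONCE(hdev.req_status);
    *result = hdev.req_result;
    pthread_mutex_unlock(&hdev.req_lock);
    return status;
}
```

Portable user-space code would use C11 atomics for the shared flag; the volatile casts here only mirror the kernel idiom the fix applies.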

Related Identifiers

CVE-2026-43119

Affected Products

Linux Kernel