GHSA-2qwp-9c8h-mrvcHighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix...

Published
May 1, 2026
Last Modified
June 19, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently.

Take hdev lock to prevent hci_conn from being deleted or modified concurrently. Just RCU lock is not suitable here, as we also want to avoid "tearing" in the configuration.

🔗 References (7)