8.8

CVE-2026-53072

Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER

When protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls
hci_connect_cfm(conn) without hdev->lock. Generally hci_connect_cfm()
assumes it is held, and if conn is deleted concurrently -> UAF.

Only SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen,
and HCI_EV_CONN_REQUEST is not generated for ISO.  In the non-deferred
listening socket code paths, hci_connect_cfm(conn) is called with
hdev->lock held.

Fix by holding the lock.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < c7777f534a8018ae4bb1c80d8925af4df588a314
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 6b4d226d01ab7da0d2027a2a1e3a6079152e5065
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 385b2d0468a0871fc716c549fa3b0c257c7dbcb3
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < c27224daf0b08efbb2b24ed64b6139b294f5473a
Status affected
Version 70c464256310e1c3716099b9d02ece4169272f73
Version < 5c7209a341ff2ac338b2b0375c34a307b37c9ac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.17
Status affected
Version 0
Version < 3.17
Status unaffected
Version <= 5.10.*
Version 5.10.258
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4
https://git.kernel.org/stable/c/9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e
https://git.kernel.org/stable/c/c7777f534a8018ae4bb1c80d8925af4df588a314
https://git.kernel.org/stable/c/6b4d226d01ab7da0d2027a2a1e3a6079152e5065
https://git.kernel.org/stable/c/541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f
https://git.kernel.org/stable/c/385b2d0468a0871fc716c549fa3b0c257c7dbcb3
https://git.kernel.org/stable/c/c27224daf0b08efbb2b24ed64b6139b294f5473a
https://git.kernel.org/stable/c/5c7209a341ff2ac338b2b0375c34a307b37c9ac2