CVE-2026-43018
Published: May 1, 2026
Modified: May 11, 2026
CVSS v3.1: 8.8
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt

hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently.

Extend the hci_dev_lock critical section to cover all conn usage.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 95118dd4edfec950898a00180c6f998df0a6406d - < 59eecf0ffde15670e6a5e10c47be67f73d843b20; affected 95118dd4edfec950898a00180c6f998df0a6406d - < 5fb69e1eeea9d6cba80517e9f058b56b34bc3a81; affected 95118dd4edfec950898a00180c6f998df0a6406d - < 7cadb03be37e761130edb153544fe0770a842b19; affected 95118dd4edfec950898a00180c6f998df0a6406d - < 1d0bdbfe3e91c11f0a704c52443a9446a10d699c; affected 95118dd4edfec950898a00180c6f998df0a6406d - < ea3cd36d7382d5f8309df04c275d20df139ed42c; +1 more versions |
| Linux | Linux | affected 5.17; unaffected 0 - < 5.17; unaffected 6.1.168 - <= 6.1.*; unaffected 6.6.134 - <= 6.6.*; unaffected 6.12.81 - <= 6.12.*; +3 more versions |

CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High