CVE-2026-46056
Published: May 27, 2026
Modified: Jun 1, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connection can be freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage in both handlers. Keep the existing keypress notification behavior unchanged by routing the early exits through a common unlock path.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 92a25256f142d55e25f9959441cea6ddeabae57e - < b6ae482f88654db407c8c17619d4b62959b903efaffected 92a25256f142d55e25f9959441cea6ddeabae57e - < 204028af77a265e31ceb4ba7f643349a3cca72b2affected 92a25256f142d55e25f9959441cea6ddeabae57e - < 01a6431766c35dfedb86e0cb5d3fc80c6d604a47affected 92a25256f142d55e25f9959441cea6ddeabae57e - < e08d75753db17aa943d7622f09d9c217b5bfd3b8affected 92a25256f142d55e25f9959441cea6ddeabae57e - < 8c6443bb9257b780986fb67ec08565bf48ecb8d7+1 more versions |
Linux | Linux | affected 3.7unaffected 0 - < 3.7unaffected 6.1.175 - <= 6.1.*unaffected 6.6.140 - <= 6.6.*unaffected 6.12.86 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now