VDB

CESS-2026-46056

CESS-2026-46056 PUBLISHED CVSS 8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connection can be freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage in both handlers. Keep the existing keypress notification behavior unchanged by routing the early exits through a common unlock path.

Risk Scores

CVSS 3.1
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

  • May 27, 2026 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›