CVE-2026-43019

EUVD-2026-26618
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync

hci_conn lookup and field access must be covered by hdev lock in
set_cig_params_sync, otherwise it's possible it is freed concurrently.

Take hdev lock to prevent hci_conn from being deleted or modified
concurrently.  Just RCU lock is not suitable here, as we also want to
avoid "tearing" in the configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://git.kernel.org/stable/c/66d432e9b45bae7881ffcdb12cd8fd0bf254ef02
https://git.kernel.org/stable/c/7d568fede8eac91161a60b710aa920abe9b0fb9f
https://git.kernel.org/stable/c/a2639a7f0f5bf7d73f337f8f077c19415c62ed2c
https://git.kernel.org/stable/c/bad65b4b0a96139f023eadc28a33125963208449