CVE-2026-46056
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
A vulnerability related to Bluetooth event handling has been fixed in the Linux kernel, which could lead to a potential use-after-free (UAF) in SSP key handling.
Risk Assessment
Improper management of Bluetooth connections may lead to unexpected system behavior, posing risks to data security and system stability.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure the security of Bluetooth operations.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connection can be freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage in both handlers. Keep the existing keypress notification behavior unchanged by routing the early exits through a common unlock path.

