CVE Catalog

CVE-2026-46056

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

A vulnerability related to Bluetooth event handling has been fixed in the Linux kernel, which could lead to a potential use-after-free (UAF) in SSP key handling.

Risk Assessment

Improper management of Bluetooth connections may lead to unexpected system behavior, posing risks to data security and system stability.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure the security of Bluetooth operations.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connection can be freed concurrently. Extend the hci_dev_lock critical section to cover all conn usage in both handlers. Keep the existing keypress notification behavior unchanged by routing the early exits through a common unlock path.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS