SB2026040665 - Use-after-free in Linux kernel bluetooth hidp
Published: April 6, 2026
Description
This security bulletin contains information about one security vulnerability.
1) Use-after-free (CVE-ID: CVE-2026-23462)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the Bluetooth HIDP (HID profile) subsystem, where the l2cap_conn user->remove callback is handled without the l2cap_conn reference being dropped. A local user can trigger the affected code path to crash the kernel, causing a denial of service.
The issue is in the Linux kernel Bluetooth HIDP code path and is evidenced by a kernel crash trace during connection cleanup. The reported impact is denial of service.
Remediation
Install a kernel update from the vendor that includes the fixes referenced below. Where Bluetooth HID devices are not required, preventing the hidp module from loading is a reasonable interim measure: a host on which the HIDP code is neither built in nor loadable does not expose the affected code path.
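The following is an added example, not part of the bulletin or of the kernel project, showing how to check whether the HIDP code is present on a host and how to emit a modprobe blacklist fragment as an interim mitigation. It assumes the standard Linux layout (/proc/modules, /lib/modules/$(uname -r)/modules.builtin and modules.dep, /etc/modprobe.d); the file paths are parameters so the check can be run against constructed inputs.

```shell
#!/bin/sh
# Added example: locate the Bluetooth HIDP code on this host and print the
# interim mitigation (block module autoload) until the fixed kernel is installed.
set -eu

# hidp_status MODULES_FILE BUILTIN_FILE DEP_FILE
# Prints one of: loaded | builtin | available | absent
#   loaded    - hidp is a loaded module right now (/proc/modules)
#   builtin   - hidp is compiled into the kernel (modules.builtin); blacklisting
#               cannot help, only a kernel update removes the exposure
#   available - hidp.ko exists as a loadable module (modules.dep) but is not loaded
#   absent    - no hidp code present, the affected path is not reachable
hidp_status() {
  modules_file="${1:-/proc/modules}"
  builtin_file="${2:-/lib/modules/$(uname -r)/modules.builtin}"
  dep_file="${3:-/lib/modules/$(uname -r)/modules.dep}"

  # /proc/modules lines start with the module name followed by a space.
  if grep -q '^hidp ' "$modules_file" 2>/dev/null; then
    echo loaded
    return 0
  fi
  # modules.builtin lists paths like kernel/net/bluetooth/hidp/hidp.ko
  if grep -q '/hidp\.ko' "$builtin_file" 2>/dev/null; then
    echo builtin
    return 0
  fi
  # modules.dep lists loadable modules (possibly compressed: .ko.zst/.ko.xz).
  if grep -q '/hidp\.ko' "$dep_file" 2>/dev/null; then
    echo available
    return 0
  fi
  echo absent
}

# Modprobe fragment that stops hidp from being autoloaded. "install hidp /bin/false"
# also defeats an explicit `modprobe hidp`; drop it in /etc/modprobe.d/ (assumed
# path, e.g. /etc/modprobe.d/hidp-blacklist.conf) and unload any loaded instance.
hidp_blacklist_conf() {
  printf 'blacklist hidp\ninstall hidp /bin/false\n'
}

# Stand-alone use: report the real host's state and the suggested action.
status="$(hidp_status)"
echo "hidp status: $status"
case "$status" in
  loaded|available)
    echo "interim mitigation, write this to /etc/modprobe.d/hidp-blacklist.conf:"
    hidp_blacklist_conf
    [ "$status" = loaded ] && echo "then: rmmod hidp (if no Bluetooth HID device is in use)"
    ;;
  builtin)
    echo "hidp is built in; a blacklist has no effect, install the fixed kernel"
    ;;
  absent)
    echo "no hidp code on this host; affected path not reachable"
    ;;
esac
```

The status check is file-based on purpose: it can be run against a collected copy of another host's /proc/modules and modules.* files, and a result of `builtin` tells you that the blacklist is not a mitigation there.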
References
- https://git.kernel.org/stable/c/21a47a119f33df9bb157326846390d7e8e1b45ba
- https://git.kernel.org/stable/c/45ebe5b900200ac3e01f3470506a44a447825721
- https://git.kernel.org/stable/c/4d37fa7582aa960ba23e10a7a2596a29f37ad281
- https://git.kernel.org/stable/c/7c805b7d1e580eececcc92470292e3dbc42bc3f5
- https://git.kernel.org/stable/c/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd
- https://git.kernel.org/stable/c/f8b6ed2f06d3baa44f347a0fa2af52433f386463