Use-after-free in Linux kernel - CVE-2026-46275
Published: June 10, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the lifecycle management of the hci_uart line discipline when closing or initializing a Bluetooth HCI UART device. A local user can trigger a hangup or race the close and initialization paths to cause a denial of service.
The issue involves workqueue handling and teardown ordering in the close and initialization error paths.
How to mitigate CVE-2026-46275
Sources
- https://git.kernel.org/stable/c/192cb0f1ca706d9a1bc36ae0ad5f666d1e4fd894
- https://git.kernel.org/stable/c/7338031946bd06f6dff149e67b60c4cd083bfea8
- https://git.kernel.org/stable/c/78aad93e938f013d9272fe0ee168f27883afa95c
- https://git.kernel.org/stable/c/81c7a3c22a0f2808cf4ae0b4908f59763b23606d
- https://git.kernel.org/stable/c/9d20d48be2c4a071fb015eb09bda2cecd25daf34
- https://git.kernel.org/stable/c/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b
- https://git.kernel.org/stable/c/c85cff648a2bc92322912db5f1727ad05afae7b6
- https://git.kernel.org/stable/c/e2d19969c8d9198ecc3090bcd5312ecd503a3339