CVE-2026-53276 | In the Linux kernel, the following vulnerability has been re…

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer In iso_sock_rebind_bc(), the bis pointer is cached, then the socket lock is dropped: bis = iso_pi(sk)->conn->hcon; /* Release the socket before lookups since that requires hci_dev_lock * which shall not be acquired while holding sock_lock for proper * ordering. */ release_sock(sk); hci_dev_lock(bis->hdev); During the unlocked window, could a concurrent close() destroy the connection and free the bis structure, causing hci_dev_lock(bis->hdev) to access memory after it is freed, fix this by using the hdev reference which was safely acquired via iso_conn_get_hdev().

Metadata

CVE ID: CVE-2026-53276
State: PUBLISHED
Assigner: Linux
Reserved: 2026-06-09 07:44 UTC
Published: 2026-06-25 08:39 UTC
Last updated: 2026-06-25 08:39 UTC
Vendor / Product: Linux / Linux
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Linux	Linux	—	d3413703d5f8b7d1e6f514f9440ed5da1bc30796 < d324b8aa20bd3c3394e3647dc22491d88f3f4e7a, d3413703d5f8b7d1e6f514f9440ed5da1bc30796 < f50331f2a1441ec49988832c3a95f2edacc47322
Linux	Linux	—	6.19, 0 < 6.19, 7.0.13 ≤ 7.0., 7.1 ≤

References (2)