Race Condition Vulnerability in Zephyr Bluetooth Classic RFCOMM Stack
CVE-2026-10654

3.1LOW

Key Information:

Vendor: Zephyrproject
Status: Zephyr
Vendor: CVE Published:; 30 June 2026

🔔 Create Zephyrproject Vulnerability Alert

What is CVE-2026-10654?

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack can lead to a problematic state during simultaneous disconnect requests. When a local device initiates a session teardown while the connected peer sends its own disconnect frame, the handling of this situation can result in the session being locked in the DISCONNECTED state. This issue prevents new connections from being established and can lead to a depletion of the available session pool. Although there are no risks to memory safety, confidentiality, or integrity, resource exhaustion represents a significant availability concern for affected systems. The vulnerability affects versions prior to v4.4.0, and a fix has been implemented to ensure proper session handling.

Affected Version(s)

zephyr 1.6.0 < 4.5.0

References

https://github.com/zephyrproject-rtos/zephyr/commit/c67b5...

patch

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2026-10654 Data

JSON