Bluetooth Vulnerability in Linux Kernel Affecting Resource Management
CVE-2026-43022

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-43022?

A vulnerability has been identified in the Linux kernel's Bluetooth implementation, in the function hci_cmd_sync_queue_once(). This function is responsible for managing commands in the Bluetooth command queue. Because of the flaw, the function did not correctly indicate whether a command had been successfully added to the queue, which could lead to resource leaks. The function has now been modified to return an -EEXIST error code if an attempt is made to add a duplicate item to the queue, ensuring proper resource handling and callback execution. This fix enhances the stability and security of the Bluetooth functionality in the Linux kernel.
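
The return-value contract described above, as an added example that is not the kernel's code: a simplified user-space model in which every name (queue_once, queue_drain, leaked_after_duplicate, the payload helpers) is hypothetical. It assumes the caller frees its payload whenever the queue reports a non-zero result, and shows why returning 0 for a duplicate leaves that payload unfreed.

```c
/* User-space model of a "queue once" contract. Not kernel code; all names are hypothetical. */
#include <errno.h>
#include <stdlib.h>
typedef void (*destroy_fn)(void *data);
struct entry { int key; void *data; destroy_fn destroy; struct entry *next; };
static char pool[4][16];  /* static slots stand in for heap payloads, so the model never really leaks */
static int next_slot, live_payloads;
static void *payload_new(void) { live_payloads++; return pool[next_slot++ % 4]; }
static void payload_free(void *p) { (void)p; live_payloads--; }
/* Queue (key, data) unless key is already queued. dup_ret is what a duplicate returns:
 * 0 models the old behaviour, -EEXIST the fixed one. Duplicates never get destroy() called. */
static int queue_once(struct entry **head, int key, void *data, destroy_fn destroy, int dup_ret)
{
    for (struct entry *e = *head; e; e = e->next)
        if (e->key == key)
            return dup_ret;
    struct entry *e = malloc(sizeof(*e));
    if (!e) return -ENOMEM;
    *e = (struct entry){ key, data, destroy, *head };
    *head = e;
    return 0;
}
/* Complete every queued entry: run its destroy callback, then free the entry. */
static void queue_drain(struct entry **head)
{
    while (*head) {
        struct entry *e = *head;
        *head = e->next;
        if (e->destroy) e->destroy(e->data);
        free(e);
    }
}
/* Submit the same key twice; return how many payloads are still live after draining. */
static int leaked_after_duplicate(int dup_ret)
{
    struct entry *head = NULL;
    live_payloads = 0;
    for (int i = 0; i < 2; i++) {
        void *p = payload_new();
        if (queue_once(&head, 7, p, payload_free, dup_ret) != 0)
            payload_free(p);  /* queue refused it, so the caller still owns p */
    }
    queue_drain(&head);
    return live_payloads;
}
int main(void)
{
    /* Exit status 0 only if returning 0 leaks one payload and -EEXIST leaks none. */
    return !(leaked_after_duplicate(0) == 1 && leaked_after_duplicate(-EEXIST) == 0);
}
```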

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0ad2ce230b38cd4b3f6732cc609e270461e626e5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2969554bcfccb5c609f6b6cd4a014933f3a66dd0

Linux 6.19.12 <= 6.19.*

Timeline

  • Vulnerability published

  • Vulnerability Reserved
