Race Condition in Linux Kernel Bluetooth Functionality
CVE-2026-43023
What is CVE-2026-43023?
In the Linux kernel, a vulnerability has been identified in the Bluetooth subsystem that can lead to a use-after-free condition due to improper socket state checks during concurrent connection attempts. Specifically, the function sco_sock_connect() fails to hold the socket lock while checking the socket's state and type. As a result, two threads can initiate connection requests on the same socket at the same time, leading to an inconsistent socket state and memory-management errors. This race condition may allow a socket that should have been closed to be reused improperly, resulting in memory leaks and crashes. The vulnerability has been addressed by changing the locking in sco_sock_connect() so that connection attempts are serialized, which mitigates the risk of exploitation.
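The defect described above is a check-then-act race: the state check and the state transition are not performed under one lock, so two callers can both observe the "open" state and both proceed. The following user-space C program is an added illustration written for this page; it is not kernel code and not the fix itself, and every name in it (toy_sock, toy_connect, run_trial) is hypothetical. It models a socket with a small state machine, runs two concurrent connect attempts on it, and compares the unlocked variant (both attempts may pass the check and allocate, so one allocation would be orphaned) with the variant that holds the lock across the check and the transition (exactly one attempt proceeds).

```c
/* Added illustration (not kernel code): a user-space model of a
 * check-then-act race on a socket state, beside the locked variant that
 * serializes the check and the transition. All names are hypothetical. */
#define _DEFAULT_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum toy_state { TOY_OPEN, TOY_CONNECTING, TOY_CLOSED };

struct toy_sock {
    pthread_mutex_t lock;   /* plays the role of the socket lock */
    enum toy_state state;
    void *conn[2];          /* resources allocated by connect attempts */
    int allocs;             /* atomically counted allocations; 1 is correct */
    int use_lock;           /* 0 = racy check-then-act, 1 = serialized */
};

/* Connect attempt: only a socket in TOY_OPEN may start connecting. */
static int toy_connect(struct toy_sock *sk)
{
    if (sk->use_lock)
        pthread_mutex_lock(&sk->lock);

    /* The check ... */
    if (sk->state != TOY_OPEN) {
        if (sk->use_lock)
            pthread_mutex_unlock(&sk->lock);
        return -1;
    }

    /* ... and the act. If the lock is not held across both, a second
     * caller can pass the check inside this window and also proceed. */
    usleep(2000);  /* widen the window so the race is easy to observe */
    sk->state = TOY_CONNECTING;
    int idx = __atomic_fetch_add(&sk->allocs, 1, __ATOMIC_SEQ_CST);
    sk->conn[idx & 1] = malloc(64);  /* a second allocation here is a leak */

    if (sk->use_lock)
        pthread_mutex_unlock(&sk->lock);
    return 0;
}

static void *worker(void *arg)
{
    toy_connect((struct toy_sock *)arg);
    return NULL;
}

/* Run two concurrent connect attempts on one socket and return how many
 * of them got past the state check, i.e. how many resources were allocated.
 * With use_lock == 1 this is always 1; with use_lock == 0 it is usually 2. */
int run_trial(int use_lock)
{
    struct toy_sock sk = { PTHREAD_MUTEX_INITIALIZER, TOY_OPEN,
                           { NULL, NULL }, 0, use_lock };
    pthread_t t[2];
    for (int i = 0; i < 2; i++)
        pthread_create(&t[i], NULL, worker, &sk);
    for (int i = 0; i < 2; i++)
        pthread_join(t[i], NULL);
    free(sk.conn[0]);  /* the model keeps both pointers only so the demo */
    free(sk.conn[1]);  /* can clean up; the racy path would lose one   */
    return sk.allocs;
}

int main(void)
{
    printf("unlocked: %d connect(s) proceeded (2 means the race hit)\n",
           run_trial(0));
    printf("locked:   %d connect(s) proceeded (always 1)\n", run_trial(1));
    return 0;
}
```

The unlocked result depends on scheduling, which is exactly what makes this class of bug hard to reproduce and easy to miss in testing; the locked result is deterministic because the second thread blocks until the first has finished the transition and then fails the state check. The same rule applies to the real subsystem: any check of the socket's state or type that gates a transition must run under the same lock that protects the transition.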
Affected Version(s)
Linux 70a13b1e25fef37c87c8a1228ddb8900efbca7cf
Linux 9a8ec9e8ebb5a7c0cfbce2d6b4a6b67b2b78e8f3
Linux 9a8ec9e8ebb5a7c0cfbce2d6b4a6b67b2b78e8f3 < 7e296ffdab5bdab718dff7c14288fdcb9154fa27