Memory Safety Vulnerability in Linux Kernel Bluetooth Management
CVE-2026-43059
What is CVE-2026-43059?
A vulnerability in the Bluetooth management functionality of the Linux kernel that could lead to list corruption and memory safety problems has been addressed. It arises from improper handling in completion handlers after a command is processed. Specifically, changes made to facilitate the validation of pending commands introduced potential use-after-free (UAF) issues during command handling. The recent patch ensures that commands are correctly unlinked from the pending list, preventing double deletions and protecting the integrity of memory operations.
Affected Version(s)
Linux d71b98f253b079cbadc83266383f26fe7e9e103b < 695b45b2262fcb5e71bed1175aad59c72f92aa78
Linux 302a1f674c00dd5581ab8e493ef44767c5101aab
Linux 302a1f674c00dd5581ab8e493ef44767c5101aab < 02023ff760cc104a5d86a82ef5b8dd89098ad78d