Bluetooth Vulnerability in Linux Kernel Affecting Socket Handling
CVE-2026-52918
What is CVE-2026-52918?
A vulnerability exists in the Linux kernel where the Bluetooth subsystem improperly manages the accept queue during socket handling. Specifically, the function bt_sock_poll() traverses the accept queue without proper synchronization, posing risks during simultaneous socket teardown operations. This lack of synchronization could lead to scenarios where a socket is unlinked and its last reference dropped while another operation is concurrently reading from the accept queue. The vulnerability has been addressed by implementing a dedicated lock to manage updates and polling on the accept queue, and by reworking the bt_accept_dequeue() function to take temporary child references under this lock before proceeding with reference drops. It is crucial for system administrators and security professionals to monitor and update systems to ensure protection against potential exploitation.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 41c8c1c7923e86e0eb59cfb4279349112756a336
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4ec17782fd186f901a7329605d11048b085b945a