Bluetooth RFCOMM Vulnerability in Linux Kernel
CVE-2026-53256
What is CVE-2026-53256?
A vulnerability has been identified in the Bluetooth RFCOMM implementation of the Linux kernel, involving improper handling of listener sockets during the connection process. The flaw is in rfcomm_get_sock_by_channel(), which retrieves a listener socket and drops the associated lock without holding a reference to the socket it returns. This can be exploited through a race in which the listener is closed concurrently: the caller is left with a pointer to a socket that may already have been freed, leading to potential memory corruption and slab use-after-free. To mitigate this, it is essential to ensure proper locking and reference counting around socket operations.
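The lookup pattern described above, reduced to a single-threaded userspace model that replays the lookup, close, use interleaving deterministically. This is an added illustration, not kernel code and not the upstream fix; `struct listener`, `lookup()`, `listener_close()` and every other name are hypothetical, and the `freed` flag stands in for the real free so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>
struct listener {   /* userspace model; all names hypothetical, not kernel code */
    int channel;
    int refcnt;     /* the table owns one reference while the entry is linked */
    bool freed;     /* stands in for the slab free: set when refcnt reaches 0 */
};
#define NLISTEN 4
static struct listener *table[NLISTEN];   /* lock-protected in real code */

static void listener_put(struct listener *l)
{
    if (--l->refcnt == 0)
        l->freed = true;                  /* memory would be released here */
}

/* take_ref=false is the flawed pattern; true takes the ref before the unlock. */
static struct listener *lookup(int channel, bool take_ref)
{
    struct listener *found = NULL;        /* lock(table) taken here */
    for (size_t i = 0; i < NLISTEN && !found; i++)
        if (table[i] && table[i]->channel == channel)
            found = table[i];
    if (found && take_ref)
        found->refcnt++;                  /* still under the lock */
    /* unlock(table): from here a concurrent close can run */
    return found;
}

static void listener_close(struct listener *l)   /* models a concurrent close() */
{
    for (size_t i = 0; i < NLISTEN; i++)
        if (table[i] == l)
            table[i] = NULL;
    listener_put(l);                      /* drop the table's reference */
}

/* Replays lookup -> close -> use; true means the caller's pointer is stale. */
static bool stale_after_close(bool take_ref)
{
    static struct listener obj;
    obj = (struct listener){ .channel = 3, .refcnt = 1 };
    table[0] = &obj;
    struct listener *p = lookup(3, take_ref);
    listener_close(&obj);                 /* lands in the race window */
    bool stale = p->freed;                /* readable: the model never frees */
    if (take_ref)
        listener_put(p);                  /* caller drops its own reference */
    return stale;
}
```

With the reference taken under the lock, the close only drops the table's reference and the object stays valid until the caller's own put.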
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1f73f92f66251065a5f39b09a47cf05ea14d3107