Use After Free Vulnerability in Linux Kernel Bluetooth Stack
CVE-2026-53357

Currently unrated

Key Information:

Vendor: Linux

Status: Vendor

CVE Published: 2 July 2026

What is CVE-2026-53357?

A use-after-free vulnerability in the Bluetooth implementation of the Linux kernel affects the l2cap_sock_cleanup_listen function. It occurs when a concurrent HCI disconnect triggers l2cap_conn_del while a listening socket is being cleaned up, potentially leading to kernel memory corruption. The vulnerability is reachable through unprivileged socket manipulation and has been observed to produce multiple use-after-free reports under specific race conditions. System administrators and developers should update their Linux kernel to a fixed version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 751de6ec671fe75ad9cf65a0638d2a06b6a5984d

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 407217734835d21d4e0105ebf347860dc1806f88

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 7eebd4c2c86f573af87ff165d08a83432eb0b919

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
