CVE-2026-43322 in Linux

Summary

By VulDB • 03/06/2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: Fix use-after-free in le_read_features_complete

This fixes the following backtrace, caused by the hci_conn object being freed before le_read_features_complete is called but after hci_le_read_remote_features_sync, so hci_conn_del -> hci_cmd_sync_dequeue is not able to prevent it:

==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: slab-use-after-free in atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:107 [inline]
BUG: KASAN: slab-use-after-free in hci_conn_del+0x100/0x110 net/bluetooth/hci_conn.c:1005
Read of size 4 at addr ffff888109380000 by task kworker/u4:1/5932

Workqueue: hci0 hci_rx_work
Call Trace:
 dump_stack_lvl+0x1b0/0x280 lib/dump_stack.c:125
 print_address+0x110/0x200 mm/kasan/report.c:310
 __kasan_report+0x115/0x1a0 mm/kasan/report.c:476
 kasan_report+0xc/0x10 mm/kasan/common.c:357
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:107 [inline]
 hci_conn_del+0x100/0x110 net/bluetooth/hci_conn.c:1005
 hci_cmd_sync_dequeue+0x130/0x1a0 net/bluetooth/hci_sync.c:100
 hci_le_read_remote_features_complete+0x130/0x1a0 net/bluetooth/hci_sync.c:110
 hci_le_meta_evt+0x357/0x5e0 net/bluetooth/hci_event.c:7408
 hci_event_func net/bluetooth/hci_event.c:7716 [inline]
 hci_event_packet+0x685/0x11c0 net/blluetooth/hci_event.c:7773
 hci_rx_work+0x2c9/0xeb0 net/bluetooth/hci_core.c:4076
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246


Responsible: Linux

Reserved: 01/05/2026

Disclosure: 08/05/2026

Moderation: Accepted

Entry: VDB-362098

EPSS: 0.00021

KEV: No

Activities: Very low
