CVE-2026-43322 in Linux
Summary
By VulDB • 28/05/2026
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: Fix Use-After-Free (UAF) in le_read_features_complete
This fixes the following backtrace, caused by hci_conn being freed before le_read_features_complete is called but after hci_le_read_remote_features_sync has executed, so that hci_conn_del -> hci_cmd_sync_dequeue is not able to prevent it:

==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: slab-use-after-free in atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:137 [inline]
BUG: KASAN: slab-use-after-free in hci_conn_del+0x100/0x110 net/bluetooth/hci_conn.c:1003
Read of size 4 at task 5932 or thread 5932:
 __hci_conn_add+0x100/0x1c70 net/bluetooth/hci_conn.c:963
 hci_conn_add_unset+0x76/0x100 net/bluetooth/hci_conn.c:1084
 le_conn_complete_evt+0x639/0x1f20 net/bluetooth/hci_event.c:5714
 hci_le_enh_conn_complete_evt+0x23d/0x380 net/bluetooth/hci_event.c:5861
 hci_le_meta_evt+0x357/0x5e0 net/bluetooth/hci_event.c:7408
 hci_event_func net/bluetooth/hci_event.c:7716 [inline]
 hci_event_packet+0x685/0x11c0 net/bluetooth/hci_event.c:7773
 hci_rx_work+0x2c9/0xeb0 net/bluetooth/hci_core.c:4076
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
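
The window described above (delete arrives after the sync step has run but before the completion callback) can be modelled in userspace. This is an added example, not kernel code and not the upstream patch: struct conn, struct cmd and every function below are hypothetical stand-ins, and having the queued command hold its own reference is an assumed mitigation, not something this advisory states.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model (assumption): names echo the advisory, bodies are simplified. */
struct conn { int refcnt; bool linked; int features; };
struct cmd  { struct conn *data; bool queued; };
static int freed_count;                 /* number of conn objects released */

static struct conn *conn_add(void)
{
    struct conn *c = calloc(1, sizeof(*c));
    if (c) { c->refcnt = 1; c->linked = true; }   /* reference owned by the list */
    return c;
}
static void conn_put(struct conn *c) { if (--c->refcnt == 0) { free(c); freed_count++; } }

/* Queue a command; the entry takes its own reference for the callback. */
static void cmd_queue(struct cmd *q, struct conn *c) { c->refcnt++; q->data = c; q->queued = true; }

/* The sync step has executed: the entry is off the queue, callback pending. */
static void cmd_run(struct cmd *q) { q->queued = false; }

/* Models hci_conn_del -> hci_cmd_sync_dequeue: it can only cancel queued work. */
static void conn_del(struct cmd *q, struct conn *c)
{
    c->linked = false;
    if (q->queued && q->data == c) { q->queued = false; q->data = NULL; conn_put(c); }
    conn_put(c);                        /* drop the list's reference */
}

/* Completion callback: 0 if features were stored, -1 if the conn is gone. */
static int cmd_complete(struct cmd *q, int features)
{
    struct conn *c = q->data;
    if (!c) return -1;                  /* cancelled while still queued */
    int ret = c->linked ? 0 : -1;       /* deleted inside the window? */
    if (ret == 0) c->features = features;
    q->data = NULL;
    conn_put(c);                        /* the memory is released here at the earliest */
    return ret;
}

int main(void)
{
    struct cmd q = {0};
    struct conn *c = conn_add();
    if (!c) return 1;
    cmd_queue(&q, c); cmd_run(&q); conn_del(&q, c);   /* delete inside the window */
    return (cmd_complete(&q, 0x1f) == -1 && freed_count == 1) ? 0 : 1;
}
```

Without the reference taken in cmd_queue, the conn_del call in main would free the object and cmd_complete would read freed memory, which is the pattern the KASAN report flags.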