Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-53276
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-25 Jun, 2026 | 08:39
Updated At-28 Jun, 2026 | 06:41
Rejected At-
▼CVE Numbering Authority (CNA)
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer In iso_sock_rebind_bc(), the bis pointer is cached, then the socket lock is dropped: bis = iso_pi(sk)->conn->hcon; /* Release the socket before lookups since that requires hci_dev_lock * which shall not be acquired while holding sock_lock for proper * ordering. */ release_sock(sk); hci_dev_lock(bis->hdev); During the unlocked window, could a concurrent close() destroy the connection and free the bis structure, causing hci_dev_lock(bis->hdev) to access memory after it is freed, fix this by using the hdev reference which was safely acquired via iso_conn_get_hdev().

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/bluetooth/iso.c
Default Status
unaffected
Versions
Affected
  • From d3413703d5f8b7d1e6f514f9440ed5da1bc30796 before d324b8aa20bd3c3394e3647dc22491d88f3f4e7a (git)
  • From d3413703d5f8b7d1e6f514f9440ed5da1bc30796 before f50331f2a1441ec49988832c3a95f2edacc47322 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/bluetooth/iso.c
Default Status
affected
Versions
Affected
  • 6.19
Unaffected
  • From 0 before 6.19 (semver)
  • From 7.0.13 through 7.0.* (semver)
  • From 7.1 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://git.kernel.org/stable/c/d324b8aa20bd3c3394e3647dc22491d88f3f4e7a
N/A
https://git.kernel.org/stable/c/f50331f2a1441ec49988832c3a95f2edacc47322
N/A
Hyperlink: https://git.kernel.org/stable/c/d324b8aa20bd3c3394e3647dc22491d88f3f4e7a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/f50331f2a1441ec49988832c3a95f2edacc47322
Resource: N/A
Details not found