LeakyCreds

CVE-2026-43322 - Vulnerability Analysis

High, CVSS: 8.8

Last Updated: May 11, 2026

Linux kernel Bluetooth - Use After Free

Published: May 8, 2026
Updated: May 11, 2026

Overview

The Linux kernel contains a use-after-free vulnerability in the Bluetooth hci_sync component, caused by hci_conn being freed prematurely, before le_read_features_complete. This lets attackers cause kernel memory corruption. Exploitation requires local code execution or kernel interaction.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Attackers can cause kernel memory corruption leading to system instability or potential privilege escalation.

Mitigation

Update to the latest Linux kernel version containing the fix for the hci_sync use-after-free.

Details

CVE ID: CVE-2026-43322
Severity: High
CVSS Score: 8.8
Type: use_after_free
Status: new

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H