Skip to main content

Linux Kernel CVE-2026-43022

| EUVDEUVD-2026-26621 MEDIUM
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 08, 2026 - 15:07 vuln.today
CVSS changed
May 08, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26621
CVE Published
May 01, 2026 - 14:15 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources.

Change the function to return -EEXIST if queue item already exists.

Modify all callsites to handle that.

AnalysisAI

Local privilege escalation in Linux kernel Bluetooth subsystem allows authenticated local users to cause denial of service through improper resource management in hci_cmd_sync_queue_once() function. The vulnerability affects Bluetooth HCI synchronization queue handling, where the function fails to properly indicate queue item addition status, leading to potential resource leaks and system unavailability. EPSS score of 0.02% indicates minimal real-world exploitation probability despite moderate CVSS severity.

Technical ContextAI

The vulnerability exists in the Linux kernel's Bluetooth HCI (Host Controller Interface) subsystem, specifically in the hci_sync module's hci_cmd_sync_queue_once() function. This function manages synchronous command queueing for Bluetooth device communication. The root cause is inadequate return value signaling - the function did not differentiate between successful queue insertion and cases where an identical queue item already existed, preventing callers from determining whether callbacks would be invoked. This ambiguity caused resource cleanup code paths to fail, as callers could not know whether to release resources associated with queued operations. The fix modifies the function to return -EEXIST when a duplicate item is detected, enabling proper callback tracking and resource lifecycle management across all call sites. CWE classification not specified, but this represents a resource management and state synchronization defect in kernel-level Bluetooth protocol handling.

RemediationAI

Apply Linux kernel security updates to version 7.0 or 6.19.12 or later, available from your Linux distribution's kernel repositories. Upstream fixes are available in stable branches at git.kernel.org/stable/c/0ad2ce230b38cd4b3f6732cc609e270461e626e5 and git.kernel.org/stable/c/2969554bcfccb5c609f6b6cd4a014933f3a66dd0. For systems unable to immediately patch, mitigate by disabling Bluetooth subsystem at runtime using 'echo 1 > /sys/module/bluetooth/parameters/disable_ertm' if Bluetooth is not required for operations, or restrict local access via SELinux/AppArmor policies to prevent untrusted users from invoking HCI commands. Note that disabling Bluetooth may impact systems relying on Bluetooth peripherals; evaluate compatibility before implementing. Test patches in non-production environments before wide deployment due to hci_sync modifications affecting all Bluetooth command queueing callsites.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43022 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy