{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: hci_conn: fix potential UAF in create_big_sync\\n\\nAdd hci_conn_valid() check in create_big_sync() to detect stale\\nconnections before proceeding with BIG creation. Handle the\\nresulting -ECANCELED in create_big_complete() and re-validate the\\nconnection under hci_dev_lock() before dereferencing, matching the\\npattern used by create_le_conn_complete() and create_pa_complete().\\n\\nKeep the hci_conn object alive across the async boundary by taking\\na reference via hci_conn_get() when queueing create_big_sync(), and\\ndropping it in the completion callback. The refcount and the lock\\nare complementary: the refcount keeps the object allocated, while\\nhci_dev_lock() serializes hci_conn_hash_del()’s list_del_rcu() on\\nhdev-\\u003econn_hash, as required by hci_conn_del().\\n\\nhci_conn_put() is called outside hci_dev_unlock() so the final put\\n(which resolves to kfree() via bt_link_release) does not run under\\nhdev-\\u003elock, though the release path would be safe either way.\\n\\nWithout this, create_big_complete() would unconditionally\\ndereference the conn pointer on error, causing a use-after-free\\nvia hci_connect_cfm() and hci_conn_del().”,”published”:”2026-05-28T09:35:19.970Z”,”modified”:”2026-05-30T10:47:42.860Z”,”type”:”cve”,”title”:”Bluetooth: hci_conn: fix potential UAF in create_big_sync”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/6823f730bf195fc296d9edd09e2ca94bc1ff5584\\nhttps:\/\/git.kernel.org\/stable\/c\/1750a2df0eab61dc421a7afae74abdd239a44b85\\nhttps:\/\/git.kernel.org\/stable\/c\/dc34f8d8240f25dd137dc2758ebbcc75e3779142\\nhttps:\/\/git.kernel.org\/stable\/c\/f8eaf92c57ad99358dd372580d5ff87623343a72\\nhttps:\/\/git.kernel.org\/stable\/c\/0beddb0c380bed5f5b8e61ddbe14635bb73d0b41″,”id”:”CVE-2026-46111″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux eca0ae4aea66914515e5e3098ea051b518ee5316\\nLinux Linux eca0ae4aea66914515e5e3098ea051b518ee5316\\nLinux Linux eca0ae4aea66914515e5e3098ea051b518ee5316\\nLinux Linux eca0ae4aea66914515e5e3098ea051b518ee5316\\nLinux Linux eca0ae4aea66914515e5e3098ea051b518ee5316\\nLinux Linux 6.0″,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”eca0ae4aea66914515e5e3098ea051b518ee5316″,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: hci_conn: fix potential UAF in create_big_sync\\n\\nAdd hci_conn_valid() check in create_big_sync() to detect stale\\nconnections before proceeding…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,28,12,15,13,7,11,5],"class_list":["post-58481","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n