{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER\\n\\nWhen protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls\\nhci_connect_cfm(conn) without hdev-\\u003elock. Generally hci_connect_cfm()\\nassumes it is held, and if conn is deleted concurrently -\\u003e UAF.\\n\\nOnly SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen,\\nand HCI_EV_CONN_REQUEST is not generated for ISO. In the non-deferred\\nlistening socket code paths, hci_connect_cfm(conn) is called with\\nhdev-\\u003elock held.\\n\\nFix by holding the lock.”,”published”:”2026-06-24T16:30:13.570Z”,”modified”:”2026-06-28T06:38:58.197Z”,”type”:”cve”,”title”:”Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/60e3f4ff02d1f2d55bfbf2ca32a97285a9771ee4\\nhttps:\/\/git.kernel.org\/stable\/c\/9d4a6c0f43fc5e4d4f062e8e450e5483eb74176e\\nhttps:\/\/git.kernel.org\/stable\/c\/c7777f534a8018ae4bb1c80d8925af4df588a314\\nhttps:\/\/git.kernel.org\/stable\/c\/6b4d226d01ab7da0d2027a2a1e3a6079152e5065\\nhttps:\/\/git.kernel.org\/stable\/c\/541d5bf9b5afaf41090b2a3aa7b47f2db2ff801f\\nhttps:\/\/git.kernel.org\/stable\/c\/385b2d0468a0871fc716c549fa3b0c257c7dbcb3\\nhttps:\/\/git.kernel.org\/stable\/c\/c27224daf0b08efbb2b24ed64b6139b294f5473a\\nhttps:\/\/git.kernel.org\/stable\/c\/5c7209a341ff2ac338b2b0375c34a307b37c9ac2″,”id”:”CVE-2026-53072″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 70c464256310e1c3716099b9d02ece4169272f73\\nLinux Linux 3.17″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”70c464256310e1c3716099b9d02ece4169272f73″,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nBluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER\\n\\nWhen protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls\\nhci_connect_cfm(conn) without hdev-\\u003elock. Generally hci_connect_cfm()\\nassumes…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-66605","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n