PatchSiren cyber security CVE debrief
CVE-2026-23462 Linux CVE debrief
CVE-2026-23462 is a use-after-free in the Linux kernel's Bluetooth HIDP (HID profile) code. Per the NVD record, the root cause was a missing l2cap_conn reference drop when the user->remove callback is invoked, which can leave a stale connection object reachable during Bluetooth teardown; the fix addresses that missing drop. NVD rates the issue HIGH with a CVSS 3.1 base score of 8.8 and lists affected ranges across multiple stable branches and the early 7.0 release candidates.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-03
- Original CVE updated: 2026-05-20
- Advisory published: 2026-04-03
- Advisory updated: 2026-05-20
Who should care
Linux distribution security teams, kernel maintainers, and operators of systems with Bluetooth enabled should prioritize this, particularly where Bluetooth HID devices (keyboards, mice, game controllers) are used over HIDP. Environments running affected kernel versions should verify patch status promptly. A host with the Bluetooth radio disabled or the hidp module blocked has far less exposure, but it still needs the kernel fix.
Technical summary
The vulnerability is a kernel use-after-free (CWE-416) in the Bluetooth HIDP path. According to the CVE description, the fix addresses a failure to drop the l2cap_conn reference when user->remove is called, which leaves the connection object's lifetime out of step with its users during teardown. The supplied trace shows l2cap_conn_free during Bluetooth device shutdown/teardown, consistent with a reference lifetime bug in the teardown path. NVD assigns CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Two parts of that vector matter for triage: AV:A means the attacker must be within Bluetooth radio range (adjacent, not remote over IP), and PR:N/UI:N means no privileges or user interaction are required once a connection can be driven through the teardown path.
Defensive priority
High. This is a kernel memory-safety flaw with high impact on confidentiality, integrity, and availability, and NVD lists many affected kernel branches. The adjacent attack vector limits exploitation to Bluetooth range, so prioritize hosts with a powered-on Bluetooth radio (laptops, workstations, embedded devices with HID peripherals); hosts with no Bluetooth hardware or with the module disabled still need the fix but can take it on the normal kernel update cadence.
Recommended defensive actions
- Install the vendor or stable-kernel fix for CVE-2026-23462 on all affected systems and reboot into the fixed kernel; a package upgrade alone leaves the vulnerable kernel running until reboot.
- Compare the running kernel (uname -r) against the affected ranges listed by NVD, including the noted stable series and early 7.0 release candidates. For distribution kernels, rely on the distribution's advisory rather than the upstream version string, since backported fixes do not map cleanly onto NVD's upstream ranges.
- If immediate patching is not possible, reduce Bluetooth exposure on systems that do not require HIDP functionality: disable the Bluetooth service or radio (rfkill), and prevent the hidp module from loading through a modprobe.d fragment.
- Review fleet monitoring for crashes or warnings in Bluetooth teardown and connection-free paths: KASAN or refcount warnings and oops reports in the kernel log, in particular any report naming l2cap_conn_free.
- Track downstream distro advisories for backported fixes matching the listed kernel branches.
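As a worked example of the interim-mitigation and monitoring actions above (added here; not code from PatchSiren, NVD, or the Linux kernel project), the POSIX shell below scans kernel log text for memory-safety reports whose header or call trace names the Bluetooth teardown symbol from the advisory, and emits a modprobe.d fragment that blocks the hidp module. The function names, the extra symbols l2cap_conn_put and the hidp_ prefix, and the log lines in SAMPLE_LOG are assumptions constructed for the example; they are not taken from a real crash report for this CVE.

```shell
#!/bin/sh
# Added example for the CVE-2026-23462 debrief; not code from PatchSiren,
# NVD, or the Linux kernel project. Two of the recommended actions, scripted:
#   bt_teardown_findings / bt_teardown_count  scan kernel log text for
#       memory-safety reports whose trace names the Bluetooth teardown path
#   hidp_blacklist_conf                        emit a modprobe.d fragment that
#       keeps the hidp module from loading
# Assumptions: l2cap_conn_free is the symbol named in the advisory; the extra
# symbols (l2cap_conn_put, anything prefixed hidp_) are assumed relevant and
# can be widened. SAMPLE_LOG is constructed for this example, not a real
# crash report for this CVE.

# Symbols that mark a report as touching the Bluetooth HIDP / L2CAP teardown.
BT_SYMS='l2cap_conn_free|l2cap_conn_put|hidp_'

# Read kernel log text on stdin (dmesg or journalctl -k output) and print the
# first line of every memory-safety report (KASAN, refcount, oops, GPF) whose
# header or call trace names one of BT_SYMS. A report ends at the KASAN "====="
# rule or an "end trace" line; an unterminated report is flushed at EOF.
bt_teardown_findings() {
    awk -v sym="$BT_SYMS" '
        /BUG: KASAN|BUG: unable to handle|refcount_t:|general protection fault|Oops:/ {
            if (hit) print head            # previous report had no end marker
            head = $0; inrep = 1; hit = ($0 ~ sym); next
        }
        inrep && /end trace|==========/ { if (hit) print head; inrep = 0; hit = 0; next }
        inrep && $0 ~ sym               { hit = 1 }
        END                             { if (hit) print head }
    '
}

# Number of such reports in the text on stdin (0 when none).
bt_teardown_count() {
    bt_teardown_findings | wc -l | tr -d ' '
}

# modprobe.d fragment for hosts that do not use Bluetooth HID devices.
# "blacklist" only stops autoloading by alias; the "install" line also makes
# an explicit or dependency-driven modprobe of hidp fail, which is what an
# interim mitigation needs. Remove it once the fixed kernel is running.
hidp_blacklist_conf() {
    cat <<'EOF'
# CVE-2026-23462 interim mitigation: do not load the Bluetooth HIDP module.
install hidp /bin/false
blacklist hidp
EOF
}

# Constructed sample: one KASAN report in l2cap_conn_free during teardown,
# one unrelated KASAN report, and ordinary Bluetooth/systemd noise.
SAMPLE_LOG='[  812.101] Bluetooth: hci0: disconnecting
[  812.204] ==================================================================
[  812.205] BUG: KASAN: slab-use-after-free in l2cap_conn_free+0x1a0/0x2c0
[  812.206] Read of size 8 at addr ffff888012345678 by task kworker/u8:2/211
[  812.207] Call Trace:
[  812.208]  l2cap_conn_free+0x1a0/0x2c0
[  812.209]  process_one_work+0x1f0/0x400
[  812.210] ==================================================================
[  813.000] BUG: KASAN: slab-use-after-free in ext4_free_inode+0x40/0x50
[  813.001] Call Trace:
[  813.002]  ext4_free_inode+0x40/0x50
[  813.003] ==================================================================
[  900.000] systemd[1]: Started Bluetooth service.'

# Stand-alone run on the constructed log; on a live host feed the real log:
#   journalctl -k --no-pager | bt_teardown_findings
#   hidp_blacklist_conf > /etc/modprobe.d/cve-2026-23462-hidp.conf   (as root)
printf '%s\n' "$SAMPLE_LOG" | bt_teardown_findings
echo "bluetooth teardown reports: $(printf '%s\n' "$SAMPLE_LOG" | bt_teardown_count)"
```

The scanner keys on report boundaries rather than single lines because the symbol that identifies the path usually appears in the call trace, not in the WARNING or refcount_t line that opens the report; counting only opening lines that name the path would miss most refcount warnings. The modprobe fragment is a stop-gap for hosts that genuinely do not need Bluetooth HID devices; it does nothing for a host where hidp is already loaded until the module is unloaded or the host reboots.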
Evidence notes
Source evidence comes from the NVD record and the CVE description. The record identifies CWE-416 and CVSS 8.8, describes the bug as a Linux kernel Bluetooth HIDP use-after-free caused by not dropping the l2cap_conn reference in the user->remove callback, and lists affected kernel version ranges plus patch references on git.kernel.org. The supplied trace shows l2cap_conn_free during Bluetooth device teardown, which supports the lifetime bug description.
Official resources
- CVE-2026-23462 CVE record (CVE.org)
- CVE-2026-23462 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch (the NVD record carries seven patch references under this source identifier, pointing at git.kernel.org; the stored evidence does not reproduce the URLs, so confirm the commit for your branch on the NVD page before relying on a backport)
CVE record published 2026-04-03T16:16:33.313Z and last modified 2026-05-20T15:27:46.557Z, per the supplied timeline and NVD source metadata.