PatchSiren cyber security CVE debrief
CVE-2026-53072 Linux CVE debrief
CVE-2026-53072 is a HIGH severity (CVSS 8.8) vulnerability in the Linux kernel's Bluetooth subsystem. In hci_conn_request_evt(), when the HCI_PROTO_DEFER flag is set, the handler calls hci_connect_cfm(conn) after it has already released hdev->lock, so a concurrent deletion of the connection can free the object while the callback is still using it: a use-after-free (UAF). The fix calls hci_connect_cfm() while hdev->lock is still held.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-24
- Original CVE updated: 2026-06-28
- Advisory published: 2026-06-24
- Advisory updated: 2026-06-28
Who should care
Linux kernel developers and maintainers, implementers of the SCO and ISO socket layers, and organizations running Linux systems with Bluetooth enabled should be aware of this vulnerability, in particular where a host accepts incoming Bluetooth connections. They should confirm whether their kernels carry the fix and apply patches or mitigations as needed.
Technical summary
The vulnerability is a locking error in hci_conn_request_evt(), the handler for the HCI_EV_CONN_REQUEST event. When the protocol's connect_ind callback returns the HCI_PROTO_DEFER flag, the function calls hci_connect_cfm(conn) without holding hdev->lock. Because the lock is what keeps the connection object alive across the handler, another context can run hci_conn_del() in that window and free the object while hci_connect_cfm() still dereferences it, a use-after-free (UAF). The fix moves the hci_connect_cfm() call under hdev->lock. Only the SCO and ISO protocols set HCI_PROTO_DEFER, and only for a listening socket with defer setup enabled; since HCI_EV_CONN_REQUEST is not generated for ISO, the reachable path is an incoming SCO connection request to a defer-setup listener.
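The ordering problem is easier to see in a small model than in the kernel source. The following C program is an added illustration, not kernel code: the identifiers HCI_PROTO_DEFER, hci_dev_lock(), hci_dev_unlock(), hci_conn_del() and hci_connect_cfm() are kernel names, but their bodies here are stand-ins, and other_cpu_deletes_conn(), run_model() and the magic-value poisoning are inventions of the model. Instead of real threads, "the other CPU" is run synchronously at the moment hdev->lock is dropped, so the race interleaving is deterministic; freeing is modelled by poisoning the object so that the use can be detected rather than being undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Flag and state names follow the kernel's; everything else is a stand-in. */
#define HCI_PROTO_DEFER 0x01
#define BT_CONNECT2     2

#define LIVE_MAGIC  0x4c495645u
#define FREED_MAGIC 0xdeadbeefu   /* poison written by the model's "free" */

struct hci_conn {
    unsigned int  magic;          /* LIVE_MAGIC while allocated, FREED_MAGIC after hci_conn_del() */
    int           state;
    unsigned char dev_class[3];
};

struct hci_dev {
    bool              locked;     /* stand-in for hdev->lock */
    struct hci_conn  *conn;       /* one-slot stand-in for the conn hash */
    void            (*other_cpu)(struct hci_dev *); /* work that runs once the lock is dropped */
};

static void hci_dev_lock(struct hci_dev *hdev)
{
    hdev->locked = true;
}

/* Dropping the lock is where another CPU can get in. The model runs that work
 * synchronously and one-shot (to avoid recursion) so the interleaving is fixed. */
static void hci_dev_unlock(struct hci_dev *hdev)
{
    void (*other)(struct hci_dev *) = hdev->other_cpu;

    hdev->locked = false;
    hdev->other_cpu = NULL;
    if (other)
        other(hdev);
}

/* Model of hci_conn_del(): requires hdev->lock; poisons instead of free(). */
static void hci_conn_del(struct hci_dev *hdev)
{
    if (!hdev->locked)            /* lockdep_assert_held() equivalent */
        return;
    if (hdev->conn) {
        hdev->conn->magic = FREED_MAGIC;
        hdev->conn = NULL;
    }
}

/* Model of hci_connect_cfm(): dereferences conn. Returns -1 if the object was
 * already "freed", which in the real kernel is the use-after-free. */
static int hci_connect_cfm(struct hci_conn *conn)
{
    if (conn->magic != LIVE_MAGIC)
        return -1;
    conn->state = BT_CONNECT2;
    return 0;
}

/* The other CPU: tears the connection down while the event handler is running. */
static void other_cpu_deletes_conn(struct hci_dev *hdev)
{
    hci_dev_lock(hdev);
    hci_conn_del(hdev);
    hci_dev_unlock(hdev);
}

/* Handler in the shape of hci_conn_request_evt(): lookup and dev_class copy under
 * the lock, then the HCI_PROTO_DEFER path. fixed == false calls the callback after
 * hci_dev_unlock() (the bug); fixed == true calls it before (the patch). */
static int conn_request_evt(struct hci_dev *hdev, unsigned int flags, bool fixed)
{
    static const unsigned char ev_dev_class[3] = { 0x24, 0x04, 0x04 }; /* constructed sample */
    struct hci_conn *conn;
    int ret = 0;

    hci_dev_lock(hdev);
    conn = hdev->conn;                       /* hci_conn_hash_lookup_ba() */
    if (!conn) {
        hci_dev_unlock(hdev);
        return 0;
    }
    memcpy(conn->dev_class, ev_dev_class, sizeof(ev_dev_class));

    if (fixed && (flags & HCI_PROTO_DEFER))
        ret = hci_connect_cfm(conn);         /* lock held: hci_conn_del() has to wait */

    hci_dev_unlock(hdev);                    /* the other CPU may delete conn here */

    if (!fixed && (flags & HCI_PROTO_DEFER))
        ret = hci_connect_cfm(conn);         /* lock dropped: conn may already be gone */

    return ret;
}

static int run_model(unsigned int flags, bool fixed)
{
    struct hci_conn conn = { .magic = LIVE_MAGIC, .state = 0, .dev_class = { 0 } };
    struct hci_dev hdev = { .locked = false, .conn = &conn, .other_cpu = other_cpu_deletes_conn };

    return conn_request_evt(&hdev, flags, fixed);
}

int run_vulnerable_ordering(void) { return run_model(HCI_PROTO_DEFER, false); }
int run_fixed_ordering(void)      { return run_model(HCI_PROTO_DEFER, true); }
int run_without_defer(void)       { return run_model(0, false); } /* accept path: no callback */

int main(void)
{
    printf("hci_connect_cfm() after unlock: %s\n", run_vulnerable_ordering() ? "use-after-free" : "ok");
    printf("hci_connect_cfm() under lock:   %s\n", run_fixed_ordering() ? "use-after-free" : "ok");
    return 0;
}
```

The model only reproduces the ordering, not the real memory corruption: in the kernel the poisoned read would be a write into freed slab memory, which is what makes the bug more than a crash. Reviewing a handler for this class of bug comes down to one question the model makes explicit: is every dereference of an object obtained under a lock still covered by that lock, or by a reference count taken while it was held?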
Defensive priority
Patching should be treated as high priority. A use-after-free in kernel Bluetooth event handling means memory corruption in kernel context: at minimum a crash of the affected host (denial of service), and potentially a stepping stone to further compromise, which is consistent with the 8.8 CVSS score.
Recommended defensive actions
- Apply the kernel update that carries the fix for hci_conn_request_evt() (the kernel.org stable commits referenced by the CVE record, or your distribution's kernel package that backports them) and reboot into the fixed kernel.
- Where Bluetooth is not needed, keep it disabled: block the radio with rfkill or prevent the bluetooth kernel modules from loading, which removes the vulnerable event path entirely.
- Until patched, reduce exposure on hosts that must keep Bluetooth on: network firewall rules do not cover the HCI event path, so the practical compensating control is to keep controllers non-discoverable and non-connectable except when a connection is being set up, and to avoid leaving defer-setup SCO listeners open on hosts in untrusted radio range.
- Watch kernel logs (dmesg, the systemd journal) for oopses, KASAN reports or warnings that mention Bluetooth functions such as hci_connect_cfm() or the SCO layer; a failed attempt to trigger a use-after-free usually shows up as a crash before anything else.
- Verify that system backups and incident response plans are up to date and tested.
Evidence notes
The CVE record and the NVD entry provide the vulnerability description, CVSS score and severity. The source item provides the references to the kernel.org stable commits that carry the fix.
Official resources
- CVE-2026-53072 CVE record (CVE.org)
- CVE-2026-53072 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article is AI-assisted and based on the supplied source corpus.