Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-05T00:00:00 kernel: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-825

A flaw was found in the Linux kernel's Bluetooth Management (MGMT) component. This vulnerability arises from incorrect handling of pending commands within the Bluetooth subsystem's command completion processes. An attacker with local access could exploit this issue to trigger memory corruption and Use-After-Free (UAF) conditions, potentially leading to a kernel panic and a Denial of Service (DoS) for the system. Use-After-Free is a memory safety flaw where a program attempts to use memory after it has been freed, which can lead to unpredictable behavior or system crashes.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43059 https://nvd.nist.gov/vuln/detail/CVE-2026-43059 https://lore.kernel.org/linux-cve-announce/2026050535-CVE-2026-43059-d26f@gregkh/T