#VU124907 Use-after-free in Linux kernel - CVE-2026-23462
Published: April 6, 2026
Vulnerability identifier: #VU124907
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23462
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in the HIDP subsystem when handling a user->remove callback without dropping the l2cap_conn reference. A local user can trigger the affected code path to cause a denial of service.
The issue is in the Linux kernel Bluetooth HIDP code path and is evidenced by a kernel crash trace during connection cleanup.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/21a47a119f33df9bb157326846390d7e8e1b45ba
- https://git.kernel.org/stable/c/45ebe5b900200ac3e01f3470506a44a447825721
- https://git.kernel.org/stable/c/4d37fa7582aa960ba23e10a7a2596a29f37ad281
- https://git.kernel.org/stable/c/7c805b7d1e580eececcc92470292e3dbc42bc3f5
- https://git.kernel.org/stable/c/dbf666e4fc9bdd975a61bf682b3f75cb0145eedd
- https://git.kernel.org/stable/c/f8b6ed2f06d3baa44f347a0fa2af52433f386463