CVE-2026-53357

Linux · Kernel

A Use-After-Free (UAF) vulnerability exists in the Linux kernel Bluetooth subsystem due to a race condition between `l2cap_sock_cleanup_listen()` and `l2cap_conn_del()`.

Executive summary

A high-severity Use-After-Free vulnerability in the Linux kernel Bluetooth subsystem could allow local attackers to cause system crashes or potentially achieve arbitrary code execution.

Vulnerability

This is a memory management flaw involving a race condition in the L2CAP socket handling. The vulnerability occurs when bt_accept_dequeue() unlinks a child socket from a parent queue and releases the socket before it is fully accepted, leading to a UAF condition.

Business impact

Successful exploitation of this UAF vulnerability could result in a kernel panic, leading to denial-of-service (DoS) for the affected system. In more complex scenarios, such vulnerabilities can be leveraged for privilege escalation, threatening the overall security posture of the host environment.

Remediation

Immediate Action: Apply the latest kernel security updates provided by your distribution vendor. The fix is included in stable kernel versions 5.10.259, 5.15.210, 6.1.175, and 6.6.142.

Proactive Monitoring: Monitor system logs (dmesg) for kernel oops or segmentation faults related to the bluetooth or l2cap modules.

Compensating Controls: If immediate patching is not possible, disable the Bluetooth service on high-security or exposed systems to eliminate the attack vector.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Kernel vulnerabilities require immediate attention due to their potential for full system compromise. Administrators should verify their current kernel version and apply the upstream patches or distribution-provided updates as soon as they become available to mitigate this UAF risk.