CVE-2026-23462: Improper Update of Reference Count in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: HIDP: Fix possible UAF

This fixes the following trace caused by not dropping l2cap_conn reference when user->remove callback is called:

[ 97.809249] l2cap_conn_free: freeing conn ffff88810a171c00
[ 97.809907] CPU: 1 UID: 0 PID: 1419 Comm: repro_standalon Not tainted 7.0.0-rc1-dirty #14 PREEMPT(lazy)
[ 97.809935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
[ 97.80994

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
debian: debian/linux < linux 6.19.10-1 (forky)
CVEListV5: linux/linux b4f34d8d9d26b2428fa7cf7c8f97690a297978e6 21a47a119f33df9bb157326846390d7e8e1b45ba (+6)

Vulnerability Details (2)

OSV
CVE-2026-23462: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dro (2026-04-03)
GHSA
GHSA-2m32-7xgm-rmj6: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not d (2026-04-03)

Vendor Advisories (2)

Red Hat
kernel: Bluetooth: HIDP: Fix possible UAF (2026-04-03)
Debian
CVE-2026-23462: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... 2026

Threat Intelligence (1)

Wiz
CVE-2026-23462 Impact, Exploitability, and Mitigation Steps | Wiz