CVE-2026-43022 PUBLISHED

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

Assigner: Linux
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 02.05.2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources.

Change the function to return -EEXIST if queue item already exists.

Modify all callsites to handle that.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 505ea2b295929e7be2b4e1bc86ee31cb7862fb01 to 0ad2ce230b38cd4b3f6732cc609e270461e626e5 (excl.) affected from 505ea2b295929e7be2b4e1bc86ee31cb7862fb01 to 2969554bcfccb5c609f6b6cd4a014933f3a66dd0 (excl.) Version f00f36db76eb8fd10d13e80e2590f23b5beaa54d is affected Version 1499f79995c7ee58e3bfeeff75f6d1b37dcda881 is affected Version 357603f4d396d85fbf0045512efaf1d7f7394ed7 is affected

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.9 is affected unaffected from 0 to 6.9 (excl.) unaffected from 6.19.12 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-43022 PUBLISHED

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

Product Status

References