CVE-2026-43022

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a queue item was added, so caller can know if callbacks are called, so it can avoid leaking resources. Ch...

none

Published: May 1, 2026

Modified: May 1, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists

hci_cmd_sync_queue_once() needs to indicate whether a queue item was
added, so caller can know if callbacks are called, so it can avoid
leaking resources.

Change the function to return -EEXIST if queue item already exists.

Modify all callsites to handle that.

References

https://git.kernel.org/stable/c/0ad2ce230b38cd4b3f6732cc609e270461e626e5
https://git.kernel.org/stable/c/2969554bcfccb5c609f6b6cd4a014933f3a66dd0