Impact
This vulnerability arises from a race condition in the Linux kernel’s RFCOMM module where a listener socket can be closed and freed while an incoming connection is being processed. The result is a use‑after‑free bug that allows corrupted kernel memory access when the unavailable socket is referenced.
Affected Systems
All Linux kernel installations that contain the Bluetooth RFCOMM stack and have not yet applied the CVE-2026-53256 fix may be affected. No specific kernel version range is given, so any kernel that uses the RFCOMM listener implementation at the time the patch was merged is potentially vulnerable.
Risk and Exploitability
The CVSS score of 8 indicates a high severity for the use‑after‑free bug. The EPSS score is below 1%, suggesting that exploitation is currently expected to be rare, and the vulnerability is not yet listed in CISA’s KEV catalog. Exploitation would require an attacker able to trigger the race between opening a listener socket and peer, a scenario that is feasible over an active Bluetooth connection.
OpenCVE Enrichment
Debian DLA