CVE-2026-23461

EPSS 0.04%
Veröffentlicht 03.04.2026 15:15:41
Zuletzt bearbeitet 27.04.2026 14:16:34
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user

After commit ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in
hci_chan_del"), l2cap_conn_del() uses conn->lock to protect access to
conn->users. However, l2cap_register_user() and l2cap_unregister_user()
don't use conn->lock, creating a race condition where these functions can
access conn->users and conn->hchan concurrently with l2cap_conn_del().

This can lead to use-after-free and list corruption bugs, as reported
by syzbot.

Fix this by changing l2cap_register_user() and l2cap_unregister_user()
to use conn->lock instead of hci_dev_lock(), ensuring consistent locking
for the l2cap_conn structure.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 6

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version efc30877bd4bc85fefe98d80af60fafc86e5775e

Version < 11a87dd5df428a4b79a84d2790cac7f3c73f1f0d

Status affected

Version f87271d21dd4ee83857ca11b94e7b4952749bbae

Version < c22a5e659959eb77c2fbb58a5adfaf3c3dab7abf

Status affected

Version ab4eedb790cae44313759b50fe47da285e2519d5

Version < da3000cbe4851458a22be38bb18c0689c39fdd5f

Status affected

Version ab4eedb790cae44313759b50fe47da285e2519d5

Version < 71030f3b3015a412133a805ff47970cdcf30c2b8

Status affected

Version ab4eedb790cae44313759b50fe47da285e2519d5

Version < 752a6c9596dd25efd6978a73ff21f3b592668f4a

Status affected

Version 18ab6b6078fa8191ca30a3065d57bf35d5635761

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.14

Status affected

Version 0

Version < 6.14

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.78

Status unaffected

Version <= 6.18.*

Version 6.18.20

Status unaffected

Version <= 6.19.*

Version 6.19.10

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.122

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/11a87dd5df428a4b79a84d2790cac7f3c73f1f0d

https://git.kernel.org/stable/c/c22a5e659959eb77c2fbb58a5adfaf3c3dab7abf

https://git.kernel.org/stable/c/da3000cbe4851458a22be38bb18c0689c39fdd5f

https://git.kernel.org/stable/c/71030f3b3015a412133a805ff47970cdcf30c2b8

https://git.kernel.org/stable/c/752a6c9596dd25efd6978a73ff21f3b592668f4a

https://nvd.nist.gov/vuln/detail/CVE-2026-23461

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23461

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23461

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23461