-

CVE-2026-53358

Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()

l2cap_chan_close() removes the channel from conn->chan_l, which
must be done under conn->lock.  cleanup_listen() runs under the
parent sk_lock, so acquiring conn->lock would invert the
established conn->lock -> chan->lock -> sk_lock order.

Instead of calling l2cap_chan_close() directly, schedule
l2cap_chan_timeout with delay 0 to close the channel
asynchronously.  The timeout handler already acquires conn->lock
and chan->lock in the correct order.

The timer is only armed when chan->conn is still set: if it is
already NULL, l2cap_conn_del() has already processed this channel
(l2cap_chan_del + l2cap_sock_teardown_cb + l2cap_sock_close_cb),
so there is nothing left to do.  If l2cap_conn_del() races in
after the timer is armed, __clear_chan_timer() inside
l2cap_chan_del() cancels it; if the timer has already fired, the
handler returns harmlessly because chan->conn was cleared.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 3634cbdc2eb414b69ffa752ddbe5e0458518e321
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < e1c100e2d61bd8c718b7d91fe3e050780a9bf72d
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < deb8493a8fa599f6c95e2465b12bfdfb7f94a1d9
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 89dec92041717b027216e110599e4f6d6c921b79
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 50dfec218808b148ab4247b1858031b7a32015c5
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 859d3ace791ed878ae9ba5522c7844d960da8f88
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 7555fd885a0603f50e49a655850a1f2bd8a25398
Status affected
Version 3df91ea20e744344100b10ae69a17211fcf5b207
Version < 8c8e620467a7b51562dbcefbd1f09f288d7d710d
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 3.4
Status affected
Version 0
Version < 3.4
Status unaffected
Version <= 5.10.*
Version 5.10.259
Status unaffected
Version <= 5.15.*
Version 5.15.210
Status unaffected
Version <= 6.1.*
Version 6.1.176
Status unaffected
Version <= 6.6.*
Version 6.6.143
Status unaffected
Version <= 6.12.*
Version 6.12.93
Status unaffected
Version <= 6.18.*
Version 6.18.35
Status unaffected
Version <= 7.0.*
Version 7.0.12
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3634cbdc2eb414b69ffa752ddbe5e0458518e321
https://git.kernel.org/stable/c/e1c100e2d61bd8c718b7d91fe3e050780a9bf72d
https://git.kernel.org/stable/c/deb8493a8fa599f6c95e2465b12bfdfb7f94a1d9
https://git.kernel.org/stable/c/89dec92041717b027216e110599e4f6d6c921b79
https://git.kernel.org/stable/c/50dfec218808b148ab4247b1858031b7a32015c5
https://git.kernel.org/stable/c/859d3ace791ed878ae9ba5522c7844d960da8f88
https://git.kernel.org/stable/c/7555fd885a0603f50e49a655850a1f2bd8a25398
https://git.kernel.org/stable/c/8c8e620467a7b51562dbcefbd1f09f288d7d710d