CVE-2026-31511 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) without unlinking it from the list first, leaving a dangling pointer. Any subsequent list traversal (e.g., mgmt_pending_foreach during __mgmt_power_off, or another mgmt_pending_valid call) would dereference freed memory.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-22 | Updated 2026-04-27 | Assigner Linux

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status

unaffected

d71b98f253b079cbadc83266383f26fe7e9e103b (git) before 340666172cf747de58c283d2eef1f335f050538b

affected

302a1f674c00dd5581ab8e493ef44767c5101aab (git) before bafec9325d4de26b6c49db75b5d5172de652aae0

affected

302a1f674c00dd5581ab8e493ef44767c5101aab (git) before 3a89c33deffb3cb7877a7ea2e50734cd12b064f2

affected

302a1f674c00dd5581ab8e493ef44767c5101aab (git) before 5f5fa4cd35f707344f65ce9e225b6528691dbbaa

affected

87a1f16f07c6c43771754075e08f45b41d237421 (git)

affected

Default status

affected

6.17

affected

Any version before 6.17

unaffected

6.12.80 (semver)

unaffected

6.18.21 (semver)

unaffected

6.19.11 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/340666172cf747de58c283d2eef1f335f050538b

git.kernel.org/...c/bafec9325d4de26b6c49db75b5d5172de652aae0

git.kernel.org/...c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2

git.kernel.org/...c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa

cve.org (CVE-2026-31511)

nvd.nist.gov (CVE-2026-31511)

Download JSON

help @ threatint.eu