CVE-2026-31511

EUVD-2026-24893
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete

This fixes the condition checking so mgmt_pending_valid is executed
whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)
would kfree(cmd) without unlinking it from the list first, leaving a
dangling pointer. Any subsequent list traversal (e.g.,
mgmt_pending_foreach during __mgmt_power_off, or another
mgmt_pending_valid call) would dereference freed memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.12.59 ≤
𝑥
< 6.12.80
linuxlinux_kernel
6.16.10 ≤
𝑥
< 6.17
linuxlinux_kernel
6.17.1 ≤
𝑥
< 6.18.21
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.11
linuxlinux_kernel
6.17
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.10-1
fixed
sid
7.0.10-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/2074dfffad76981ca451cb7fc98703d04ac562fe
https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b
https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2
https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa
https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0