CVE-2026-23299
- Source
- https://cve.org/CVERecord?id=CVE-2026-23299
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23299.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23299
- Downstream
- Published
- 2026-03-25T10:26:55.481Z
- Modified
- 2026-04-02T13:12:20.837866Z
- Summary
- Bluetooth: purge error queues in socket destructors
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: purge error queues in socket destructors
When TX timestamping is enabled via SOTIMESTAMPING, SKBs may be queued into skerror_queue and will stay there until consumed. If userspace never gets to read the timestamps, or if the controller is removed unexpectedly, these SKBs will leak.
Fix by adding skbqueuepurge() calls for skerrorqueue in affected bluetooth destructors. RFCOMM does not currently use skerrorqueue.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23299.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/21e4271e65094172aadd5beb8caea95dd0fbf6d7
- https://git.kernel.org/stable/c/2b6c942a526635f5c61d2f000258e620da32d3a7
- https://git.kernel.org/stable/c/3de7c10a950b36affc692d8bd2ac713852580e56
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23299.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23299