CVE-2026-23299 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23299 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or if the controller is removed unexpectedly, these SKBs will leak. Fix by adding skb_queue_purge() calls for sk_error_queue in affected bluetooth destructors. RFCOMM does not currently use sk_error_queue.

EPSS 0.02% · 3.9th percentile

Risk Scores

EPSS Score

0.02%

3.9th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	134f4b39df7b77225a80ef585c15d46f964f5e6f, 134f4b39df7b77225a80ef585c15d46f964f5e6f, 134f4b39df7b77225a80ef585c15d46f964f5e6f
linux	linux_kernel	6.15, 6.15, 6.15

Timeline

Mar 25, 2026 EPSS Score
Mar 25, 2026 Coalition ESS Score
Mar 25, 2026 CVE Published
Mar 29, 2026 Security Advisory
Apr 13, 2026 CVE Updated

References

Open in Interactive Console →