VDB
CVE-2026-31511
CVE-2026-31511
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_valid is executed whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd) would kfree(cmd) without unlinking it from the list first, leaving a dangling pointer. Any subsequent list traversal (e.g., mgmt_pending_foreach during __mgmt_power_off, or another mgmt_pending_valid call) would dereference freed memory.
EPSS 0.02% · 3.5th percentile
Risk Scores
EPSS Score
0.02%
3.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 6.12.59, 6.17, 6.17 |
| Linux | Linux | d71b98f253b079cbadc83266383f26fe7e9e103b, 302a1f674c00dd5581ab8e493ef44767c5101aab, 87a1f16f07c6c43771754075e08f45b41d237421 |
Timeline
- Apr 22, 2026 CVE Published
- Apr 23, 2026 Security Advisory
- Apr 28, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/340666172cf747de58c283d2eef1f335f050538b url
- https://git.kernel.org/stable/c/bafec9325d4de26b6c49db75b5d5172de652aae0 url
- https://git.kernel.org/stable/c/3a89c33deffb3cb7877a7ea2e50734cd12b064f2 url
- https://git.kernel.org/stable/c/5f5fa4cd35f707344f65ce9e225b6528691dbbaa url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31511 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory