PT-2026-51965 · Linux · Linux
Published 2026-06-24 · Updated 2026-06-24 · CVE-2026-53071
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
l2cap_ecred_reconf_rsp() calls l2cap_chan_del() without holding
l2cap_chan_lock(). Every other l2cap_chan_del() caller in the file
acquires the lock first. A remote BLE device can send a crafted
L2CAP ECRED reconfiguration response to corrupt the channel list
while another thread is iterating it.
Add l2cap_chan_hold() and l2cap_chan_lock() before l2cap_chan_del(),
and l2cap_chan_unlock() and l2cap_chan_put() after, matching the
pattern used in l2cap_ecred_conn_rsp() and l2cap_conn_del().
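The hold, lock, delete, unlock, put ordering described above, as a userspace model added here for illustration (not kernel code and not the patch itself). The `chan_*` and `reconf_rsp_*` names are simplified stand-ins, and the model assumes the channel list owns one reference that the delete step drops.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <pthread.h>
#include <stddef.h>

struct chan {
    pthread_mutex_t lock;
    int locked;        /* set while lock is held (lockdep-style check) */
    int refcnt;        /* starts at 1: the channel list's reference */
    int freed;         /* set when the last reference is dropped */
    struct chan *next; /* link in the connection's channel list */
};

static int lock_violations; /* chan_del() calls made without the lock */

static void chan_hold(struct chan *c)   { c->refcnt++; }
static void chan_put(struct chan *c)    { if (--c->refcnt == 0) c->freed = 1; }
static void chan_lock(struct chan *c)   { pthread_mutex_lock(&c->lock); c->locked = 1; }
static void chan_unlock(struct chan *c) { c->locked = 0; pthread_mutex_unlock(&c->lock); }

/* Unlink c and drop the list's reference; the caller must hold c->lock. */
static void chan_del(struct chan **head, struct chan *c)
{
    if (!c->locked)
        lock_violations++;
    for (struct chan **p = head; *p; p = &(*p)->next)
        if (*p == c) { *p = c->next; c->next = NULL; chan_put(c); break; }
}

/* Pre-fix shape: delete with no lock held and no extra reference. */
static void reconf_rsp_unlocked(struct chan **head, struct chan *c)
{
    chan_del(head, c);
}

/* Post-fix shape: hold, lock, del, unlock, put. */
static void reconf_rsp_locked(struct chan **head, struct chan *c)
{
    chan_hold(c);      /* pins c while chan_del() drops the list's reference */
    chan_lock(c);
    chan_del(head, c);
    chan_unlock(c);    /* safe: our own reference still keeps c alive */
    chan_put(c);       /* last reference; c is not touched after this */
}

int main(void)
{
    struct chan a = { PTHREAD_MUTEX_INITIALIZER, 0, 1, 0, NULL }, *head = &a;
    reconf_rsp_locked(&head, &a);
    return lock_violations; /* 0 */
}
```

Without the extra reference taken first, the delete step would drop the last reference while the lock is still held, so the later unlock would touch a freed channel.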
Affected Products
Linux