{"api_version":"1","generated_at":"2026-04-22T20:19:33+00:00","cve":"CVE-2026-31510","urls":{"html":"https://cve.report/CVE-2026-31510","api":"https://cve.report/api/cve/CVE-2026-31510.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-31510","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-31510"},"summary":{"title":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n  <TASK>\n  __kasan_check_byte+0x12/0x40\n  lock_acquire+0x79/0x2e0\n  lock_sock_nested+0x48/0x100\n  ? l2cap_sock_ready_cb+0x46/0x160\n  l2cap_sock_ready_cb+0x46/0x160\n  l2cap_conn_start+0x779/0xff0\n  ? __pfx_l2cap_conn_start+0x10/0x10\n  ? l2cap_info_timeout+0x60/0xa0\n  ? __pfx___mutex_lock+0x10/0x10\n  l2cap_info_timeout+0x68/0xa0\n  ? process_scheduled_works+0xa8d/0x18c0\n  process_scheduled_works+0xb6e/0x18c0\n  ? __pfx_process_scheduled_works+0x10/0x10\n  ? assign_work+0x3d5/0x5e0\n  worker_thread+0xa53/0xfc0\n  kthread+0x388/0x470\n  ? __pfx_worker_thread+0x10/0x10\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x51e/0xb90\n  ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n  ? __switch_to+0xc7d/0x1450\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  </TASK>\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception","state":"PUBLISHED","assigner":"Linux","published_at":"2026-04-22 14:16:50","updated_at":"2026-04-22 14:16:50"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f","name":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4","name":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76","name":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb","name":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100","name":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d","name":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad","name":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af","name":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-31510","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31510","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 d34776c7fa1f2c510f1cdd14823aba701babb4ad git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 03d4eafb0f3788239df63575951f6b4c97bbfda4 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 3c821bc0fbeaa27910a20d0b43c6008d099792af git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 a04a760c06bb591989db659439efdf106f0bae76 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 0780f9333852971ca77d110019e3a66ce5a7b100 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 1dc6db047919ecd59493cd51248b37381bbabcbb git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 898b89c90ff9496e64b9331040778cc4e1b28c9d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 54a59aa2b562872781d6a8fc89f300d360941691 b6552e0503973daf6f23bd6ed9273ef131ee364f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3.6","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 3.6 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.168 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.131 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.80 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.21 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.11 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"d34776c7fa1f2c510f1cdd14823aba701babb4ad","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"03d4eafb0f3788239df63575951f6b4c97bbfda4","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"3c821bc0fbeaa27910a20d0b43c6008d099792af","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"a04a760c06bb591989db659439efdf106f0bae76","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"0780f9333852971ca77d110019e3a66ce5a7b100","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"1dc6db047919ecd59493cd51248b37381bbabcbb","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"898b89c90ff9496e64b9331040778cc4e1b28c9d","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"},{"lessThan":"b6552e0503973daf6f23bd6ed9273ef131ee364f","status":"affected","version":"54a59aa2b562872781d6a8fc89f300d360941691","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/bluetooth/l2cap_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"3.6"},{"lessThan":"3.6","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.168","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.131","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.80","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.21","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.11","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.168","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.131","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.80","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.21","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.11","versionStartIncluding":"3.6","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"3.6","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n  <TASK>\n  __kasan_check_byte+0x12/0x40\n  lock_acquire+0x79/0x2e0\n  lock_sock_nested+0x48/0x100\n  ? l2cap_sock_ready_cb+0x46/0x160\n  l2cap_sock_ready_cb+0x46/0x160\n  l2cap_conn_start+0x779/0xff0\n  ? __pfx_l2cap_conn_start+0x10/0x10\n  ? l2cap_info_timeout+0x60/0xa0\n  ? __pfx___mutex_lock+0x10/0x10\n  l2cap_info_timeout+0x68/0xa0\n  ? process_scheduled_works+0xa8d/0x18c0\n  process_scheduled_works+0xb6e/0x18c0\n  ? __pfx_process_scheduled_works+0x10/0x10\n  ? assign_work+0x3d5/0x5e0\n  worker_thread+0xa53/0xfc0\n  kthread+0x388/0x470\n  ? __pfx_worker_thread+0x10/0x10\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x51e/0xb90\n  ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n  ? __switch_to+0xc7d/0x1450\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  </TASK>\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception"}],"providerMetadata":{"dateUpdated":"2026-04-22T13:54:28.712Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad"},{"url":"https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4"},{"url":"https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af"},{"url":"https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76"},{"url":"https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100"},{"url":"https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb"},{"url":"https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d"},{"url":"https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f"}],"title":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-31510","datePublished":"2026-04-22T13:54:28.712Z","dateReserved":"2026-03-09T15:48:24.106Z","dateUpdated":"2026-04-22T13:54:28.712Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-22 14:16:50","lastModifiedDate":"2026-04-22 14:16:50","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"31510","Ordinal":"1","Title":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb","CVE":"CVE-2026-31510","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"31510","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n  <TASK>\n  __kasan_check_byte+0x12/0x40\n  lock_acquire+0x79/0x2e0\n  lock_sock_nested+0x48/0x100\n  ? l2cap_sock_ready_cb+0x46/0x160\n  l2cap_sock_ready_cb+0x46/0x160\n  l2cap_conn_start+0x779/0xff0\n  ? __pfx_l2cap_conn_start+0x10/0x10\n  ? l2cap_info_timeout+0x60/0xa0\n  ? __pfx___mutex_lock+0x10/0x10\n  l2cap_info_timeout+0x68/0xa0\n  ? process_scheduled_works+0xa8d/0x18c0\n  process_scheduled_works+0xb6e/0x18c0\n  ? __pfx_process_scheduled_works+0x10/0x10\n  ? assign_work+0x3d5/0x5e0\n  worker_thread+0xa53/0xfc0\n  kthread+0x388/0x470\n  ? __pfx_worker_thread+0x10/0x10\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x51e/0xb90\n  ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n  ? __switch_to+0xc7d/0x1450\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  </TASK>\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception","Type":"Description","Title":"Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb"}]}}}