Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed possible UAFs This attempt to fix possible UAFs is due to the fact that the struct mgmtpending is freed while it is still being processed, as seen in the following trace. To address this issue,...

kernel: Bluetooth: MGMT: Fix possible UAFs

A flaw was found in the Linux kernel’s Bluetooth management subsystem net/bluetooth/mgmt.c. The mgmtpending structure may be freed while still being processed, or remain on the pending command list, which allows a use-after-free or double-free scenario. An attacker with local access to the system...

CVE-2026-31511

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...

CVE-2026-31511

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmtaddadvpatternsmonitorcomplete This fixes the condition checking so mgmtpendingvalid is executed whenever status != -ECANCELED otherwise calling mgmtpendingfreecmd would kfreecmd withou...

UBUNTU-CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-40213 Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

CVE-2025-39981

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmtpending being freed while still being processed like in the following trace, in order to fix mgmtpendingvalid is introduce and use to check...

CVE-2025-39981 Bluetooth: MGMT: Fix possible UAFs

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmtpending being freed while still being processed like in the following trace, in order to fix mgmtpendingvalid is introduce and use to check...

PT-2025-42256

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to Bluetooth MGMT handling, potentially leading to use-after-free UAF conditions. This issue arises from the improper management of mgmt pending...

SUSE CVE-2025-38117

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmtpending list with its own lock This uses a mutex to protect from concurrent access of mgmtpending list which can cause crashes like: ==================================================================...

DEBIAN-CVE-2025-38117

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmtpending list with its own lock This uses a mutex to protect from concurrent access of mgmtpending list which can cause crashes like: ==================================================================...

PT-2025-27703

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 Description: A vulnerability in the Linux kernel's Bluetooth management has been resolved by protecting the mgmt pending list with its own lock, preventing crashes due to concurrent access. The issue...