Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the net: rose module, the function rosekillbydevice collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to devices that are being shut down. The loop mistakenly indexes arraycnt...

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

CVE-2026-31411

CVE-2026-31411: Linux kernel ATM signaling path (net/atm) allowed forged user pointers via sendmsg(), leading to potential memory safety risks. A fix adds find_get_vcc() to validate the vcc pointer against the vcc_hash and uses sock_hold() to keep the object alive during processing of signaling o...

Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

...

EUVD-2026-19196

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

UBUNTU-CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVE-2026-31408

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock without holding a reference to the socket. A concurrent close can free the...

CVE-2026-31408

CVE-2026-31408 is a Linux kernel Bluetooth SCO use-after-free in sco_recv_frame(), where conn->sk is accessed after releasing sco_conn_lock() without holding a reference. The fix uses sco_sock_hold() to take a reference before unlocking and adds sock_put() on exit paths. Connected advisories s...

Linux Distros Unpatched Vulnerability : CVE-2026-31408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: SCO: Fix use-after-free in scorecvframe due to missing sockhold scorecvframe reads conn-sk under scoconnlock but immediately releases the lock withou...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

kernel: mptcp: fix race condition in mptcp_schedule_work()

A race in mptcpschedulework could lead to a use-after-free: the function queued work and only then acquired a reference to the socket. If the worker ran to completion immediately, the subsequent sockhold operated on a freed object. Impact ranges from kernel crash DoS to potential privilege...

PT-2025-49088

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a race condition within the mptcp schedule work function. Specifically, a use-after-free issue was identified where mptcp worker could execute before a referen...

SUSE CVE-2024-41006

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nrheartbeatexpiry syzbot reported a memory leak in nrcreate 0. Commit 409db27e3a2e "netrom: Fix use-after-free of a listening socket." added sockhold to the nrheartbeatexpiry function, where a a socke...

UBUNTU-CVE-2024-41006

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nrheartbeatexpiry syzbot reported a memory leak in nrcreate 0. Commit 409db27e3a2e "netrom: Fix use-after-free of a listening socket." added sockhold to the nrheartbeatexpiry function, where a a socke...