3 matches found
CVE-2026-31511
CVE-2026-31511 affects the Linux kernel Bluetooth MGMT subsystem, specifically a dangling pointer in mgmt_add_adv_patterns_monitor_complete where mgmt_pending_free(cmd) could kfree cmd before unlinking from the list. Connected advisories indicate Debian/Root and other OSV entries report a patch w...
CVE-2026-23151
CVE-2026-23151 in the Linux kernel Bluetooth MGMT path fixes a memory leak in set_ssp_complete due to missing mgmt_pending_free(cmd) calls (and similarly in set_advertising_complete).Root cause: mgmt_pending_cmd structures and their data were not freed after SSP commands completed, after a prior ...
CVE-2026-43059
CVE-2026-43059 affects the Linux kernel Bluetooth MGMT path. A change introducing mgmt_pending_valid() caused completion handlers to unlink commands from the pending list, which could lead to list corruption and potential memory safety issues. The patch fixes two issues: (1) in mgmt_add_adv_patte...