CVE-2026-31499 in Linux정보

요약

\~에 의해 MITRE • 2026. 04. 22.

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()

l2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer and id_addr_timer while holding conn->lock. However, the work functions l2cap_info_timeout() and l2cap_conn_update_id_addr() both acquire conn->lock, creating a potential AB-BA deadlock if the work is already executing when l2cap_conn_del() takes the lock.

Move the work cancellations before acquiring conn->lock and use disable_delayed_work_sync() to additionally prevent the works from being rearmed after cancellation, consistent with the pattern used in hci_conn_del().

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Linux

예약하다

2026. 03. 09.

모더레이션

수락

항목

VDB-358931

EPSS

0.00020

KEV

아니요

활동

매우 낮음

부문

Hospital, Lawfirm, ...

출처

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-31499
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-31499
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-31499/

이전개요다음

Do you want to use VulDB in your project?

Use the official API to access entries easily!