CVE-2026-23299

MEDIUM EPSS 2.2%
Published Mar 25, 20263mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or if the controller is removed unexpectedly, these SKBs will leak. Fix by adding skb_queue_purge() calls for sk_error_queue in affected bluetooth destructors. RFCOMM does not currently use sk_error_queue.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-772

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.15  –  <6.18.17
linuxlinux_kernel*≥6.19  –  <6.19.7
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/21e4271e65094172aadd5beb8caea95dd0fbf6d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b6c942a526635f5c61d2f000258e620da32d3a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3de7c10a950b36affc692d8bd2ac713852580e56
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/21e4271e65094172aadd5beb8caea95dd0fbf6d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2b6c942a526635f5c61d2f000258e620da32d3a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3de7c10a950b36affc692d8bd2ac713852580e56
    Patch