CVE-2026-31499

Published: Apr 22, 2026

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() l2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer and id_addr_timer while holding conn->lock. However, the work functions l2cap_info_timeout() and l2cap_conn_update_id_addr() both acquire conn->lock, creating a potential AB-BA deadlock if the work is already executing when l2cap_conn_del() takes the lock. Move the work cancellations before acquiring conn->lock and use disable_delayed_work_sync() to additionally prevent the works from being rearmed after cancellation, consistent with the pattern used in hci_conn_del().

Vendor	Product	Versions
Linux	Linux	affected `f87271d21dd4ee83857ca11b94e7b4952749bbae - < f7f35a4f7fd574f5889bb2e4b397e14cbb83f6da` affected `ab4eedb790cae44313759b50fe47da285e2519d5 - < 3f26ecbd9cde621dd94be7ef252c7210b965a5c7` affected `ab4eedb790cae44313759b50fe47da285e2519d5 - < d008460de352e534f6721de829b093368564ec66` affected `ab4eedb790cae44313759b50fe47da285e2519d5 - < 00fdebbbc557a2fc21321ff2eaa22fd70c078608` affected `efc30877bd4bc85fefe98d80af60fafc86e5775e` +4 more versions
Linux	Linux	affected `6.14` unaffected `0 - < 6.14` unaffected `6.12.88 - <= 6.12.` unaffected `6.18.21 - <= 6.18.` unaffected `6.19.11 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/f7f35a4f7fd574f5889bb2e4b397e14cbb83f6da

https://git.kernel.org/stable/c/3f26ecbd9cde621dd94be7ef252c7210b965a5c7

https://git.kernel.org/stable/c/d008460de352e534f6721de829b093368564ec66

https://git.kernel.org/stable/c/00fdebbbc557a2fc21321ff2eaa22fd70c078608

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31499

Description

Affected Products

References