Linux kernel: Bluetooth MGMT dangling pointer vuln
CVE-2026-31511 Published on April 22, 2026
Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
This fixes the condition checking so mgmt_pending_valid is executed
whenever status != -ECANCELED otherwise calling mgmt_pending_free(cmd)
would kfree(cmd) without unlinking it from the list first, leaving a
dangling pointer. Any subsequent list traversal (e.g.,
mgmt_pending_foreach during __mgmt_power_off, or another
mgmt_pending_valid call) would dereference freed memory.
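The short-circuit described in the commit message, shown as an added userspace C model (not the kernel source and not part of the original advisory). The `&&` form of the pre-fix check is an assumption inferred from the description; the struct and function names are hypothetical stand-ins, and a `freed` flag replaces `kfree()` so the list can be inspected safely.

```c
#include <errno.h>
#include <stdio.h>
/* Constructed userspace model; "freed" stands in for kfree(). */
struct pending_cmd { struct pending_cmd *next; int freed; };
struct hdev_model { struct pending_cmd *pending; };
typedef void (*complete_fn)(struct hdev_model *, struct pending_cmd *, int);

/* Models mgmt_pending_valid(): if cmd is still queued, unlink it, return 1. */
static int pending_valid(struct hdev_model *h, struct pending_cmd *cmd)
{
    for (struct pending_cmd **pp = &h->pending; *pp; pp = &(*pp)->next)
        if (*pp == cmd) { *pp = cmd->next; cmd->next = NULL; return 1; }
    return 0;
}

/* Models mgmt_pending_free(): releases cmd, never unlinks it. */
static void pending_free(struct pending_cmd *cmd) { cmd->freed = 1; }

/* Assumed pre-fix shape: && skips pending_valid() unless status is -ECANCELED. */
static void complete_flawed(struct hdev_model *h, struct pending_cmd *cmd, int status)
{
    if (status == -ECANCELED && !pending_valid(h, cmd))
        return;
    pending_free(cmd);
}

/* As the commit text describes: pending_valid() runs whenever status != -ECANCELED. */
static void complete_fixed(struct hdev_model *h, struct pending_cmd *cmd, int status)
{
    if (status == -ECANCELED || !pending_valid(h, cmd))
        return;
    pending_free(cmd);
}

/* Queue one command, complete it, count freed entries still reachable in the list. */
static int dangling_after(complete_fn complete, int status)
{
    struct pending_cmd cmd = { NULL, 0 };
    struct hdev_model h = { &cmd };
    int n = 0;
    complete(&h, &cmd, status);
    for (struct pending_cmd *c = h.pending; c; c = c->next) n += c->freed;
    return n;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", dangling_after(complete_flawed, 0), dangling_after(complete_fixed, 0));
    return 0;
}
```

A non-zero count is the state in which a later traversal of the pending list would reach freed memory.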
Products Associated with CVE-2026-31511
Affected Versions
Linux:
- Version d71b98f253b079cbadc83266383f26fe7e9e103b and below 340666172cf747de58c283d2eef1f335f050538b is affected.
- Version 302a1f674c00dd5581ab8e493ef44767c5101aab and below bafec9325d4de26b6c49db75b5d5172de652aae0 is affected.
- Version 302a1f674c00dd5581ab8e493ef44767c5101aab and below 3a89c33deffb3cb7877a7ea2e50734cd12b064f2 is affected.
- Version 302a1f674c00dd5581ab8e493ef44767c5101aab and below 5f5fa4cd35f707344f65ce9e225b6528691dbbaa is affected.
- Version 87a1f16f07c6c43771754075e08f45b41d237421 is affected.
- Version 6.17 is affected.
- Before 6.17 is unaffected.
- Version 6.12.80, <= 6.12.* is unaffected.
- Version 6.18.21, <= 6.18.* is unaffected.
- Version 6.19.11, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.