Bluetooth L2CAP Vulnerability in Linux Kernel by Linux Foundation
CVE-2026-31499
What is CVE-2026-31499?
The Linux kernel's Bluetooth implementation has a deadlock vulnerability in the L2CAP layer, caused by improper handling of the connection lock in l2cap_conn_del(). The function cancels its delayed work items while holding the connection lock. The work functions l2cap_info_timeout() and l2cap_conn_update_id_addr() acquire that same lock, so if one of them is already running it blocks on the lock while l2cap_conn_del() waits for it to finish, a potential AB-BA deadlock. To mitigate this issue, the work items should be cancelled before the lock is taken, and the use of disable_delayed_work_sync() is recommended so that the works cannot be re-armed after cancellation.
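The lock-ordering problem described above can be checked with a small user-space model. This is an added example, not kernel code and not the upstream patch: the order graph, the WORK_RUNNING pseudo-lock and every function name other than the kernel functions mentioned in comments are assumptions made for illustration, and re-arming of the work is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed model: waiting for a running work item = taking a lock it holds. */
enum { CONN_LOCK, WORK_RUNNING, NCLASS };
struct order_graph { bool edge[NCLASS][NCLASS]; bool held[NCLASS]; };

/* Record an ordering edge from every class already held to c, then hold c. */
static void acquire(struct order_graph *g, int c) {
    for (int h = 0; h < NCLASS; h++)
        if (g->held[h] && h != c)
            g->edge[h][c] = true;
    g->held[c] = true;
}
static void release(struct order_graph *g, int c) { g->held[c] = false; }

/* Stand-in for l2cap_info_timeout() / l2cap_conn_update_id_addr(). */
static void work_fn(struct order_graph *g) {
    acquire(g, WORK_RUNNING);   /* the work item is executing */
    acquire(g, CONN_LOCK);      /* and it takes the connection lock */
    release(g, CONN_LOCK);
    release(g, WORK_RUNNING);
}

/* Synchronous cancel: the caller waits until the work item is not running. */
static void cancel_sync(struct order_graph *g) {
    acquire(g, WORK_RUNNING);
    release(g, WORK_RUNNING);
}

/* Stand-in for l2cap_conn_del(); cancel_under_lock selects the old ordering. */
static void conn_del(struct order_graph *g, bool cancel_under_lock) {
    if (!cancel_under_lock) cancel_sync(g);   /* fixed: cancel first */
    acquire(g, CONN_LOCK);
    if (cancel_under_lock) cancel_sync(g);    /* old: cancel with lock held */
    release(g, CONN_LOCK);
}

/* True when both orderings were recorded, i.e. an AB-BA inversion exists. */
bool teardown_can_deadlock(bool cancel_under_lock) {
    struct order_graph g = { .held = { false } };
    work_fn(&g);
    conn_del(&g, cancel_under_lock);
    return g.edge[CONN_LOCK][WORK_RUNNING] && g.edge[WORK_RUNNING][CONN_LOCK];
}

int main(void) {
    printf("old ordering: %d, fixed ordering: %d\n",
           teardown_can_deadlock(true), teardown_can_deadlock(false));
}
```

The model reports an inversion only for the ordering that cancels with the lock held; cancelling before the lock is taken leaves a single ordering between the two classes.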
Affected Version(s)
Linux ab4eedb790cae44313759b50fe47da285e2519d5 < 3f26ecbd9cde621dd94be7ef252c7210b965a5c7
Linux ab4eedb790cae44313759b50fe47da285e2519d5
Linux ab4eedb790cae44313759b50fe47da285e2519d5 < 00fdebbbc557a2fc21321ff2eaa22fd70c078608