Race Condition in Bluetooth Module of Linux Kernel
CVE-2026-31500

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31500?

A race condition exists within the Bluetooth module of the Linux kernel, specifically involving the btintel hardware error handling. The function btintel_hw_error() calls __hci_cmd_sync() without proper locking, which results in an opportunity for concurrent access by other functions such as btintel_shutdown_combined(). This improper synchronization can lead to a use-after-free condition, potentially allowing a malicious actor to exploit it and affect system stability. To mitigate this, the recovery sequence must be wrapped in synchronization locks to ensure that no other commands interfere during execution.

Affected Version(s)

Linux 973bb97e5aee56edddaae3d5c96877101ad509c0 < 5f84e845648dfa86e42de5487f1a774b42f0444d

Linux 973bb97e5aee56edddaae3d5c96877101ad509c0

Linux 973bb97e5aee56edddaae3d5c96877101ad509c0 < 66696648af477dc87859e5e4b607112f5f29d010

References

https://git.kernel.org/stable/c/5f84e845648dfa86e42de5487...

https://git.kernel.org/stable/c/e10a4cb72468686ffbe8bb2b0...

https://git.kernel.org/stable/c/66696648af477dc87859e5e4b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31500 Data

JSON