CVE-2026-53071

Source
https://cve.org/CVERecord?id=CVE-2026-53071
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53071.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-53071
Downstream
Related
Published
2026-06-24T16:30:12.694Z
Modified
2026-07-09T18:29:29.477772354Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: l2cap: Add missing chan lock in l2capecredreconf_rsp

l2capecredreconfrsp() calls l2capchandel() without holding l2capchanlock(). Every other l2capchan_del() caller in the file acquires the lock first. A remote BLE device can send a crafted L2CAP ECRED reconfiguration response to corrupt the channel list while another thread is iterating it.

Add l2capchanhold() and l2capchanlock() before l2capchandel(), and l2capchanunlock() and l2capchanput() after, matching the pattern used in l2capecredconnrsp() and l2capconn_del().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53071.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
15f02b91056253e8cdc592888f431da0731337b8
Fixed
96dca51715d86559ed6ed8028e5445cecb80f3ae
Fixed
330b20ec97916961ee0e6c29c06bc0fa7c96e64c
Fixed
0ccd75c51f620374086f359e906917676e699a1c
Fixed
77a853aec710b2fdf41fa298ea3cbc9a4358f917
Fixed
fe1188abdae9b7a8199dcdfcf9244d5e5d61eb14
Fixed
dc89961b76f12aff47124c1df4bdb32a080f4d0c
Fixed
5501d055a1ce3c747141e3955ba8cf034d193f3e
Fixed
42776497cdbc9a665b384a6dcb85f0d4bd927eab

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53071.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.7.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53071.json"