CVE-2026-23299Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or if the controller is removed unexpectedly, these SKBs will leak. Fix by adding skb_queue_purge() calls for sk_error_queue in affected bluetooth destructors. RFCOMM does not currently use sk_error_qu

Affected Packages3 packages

Linuxlinux/linux_kernel6.15.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux134f4b39df7b77225a80ef585c15d46f964f5e6f2b6c942a526635f5c61d2f000258e620da32d3a7+3

🔴Vulnerability Details

4
GHSA
GHSA-2286-mwvj-8983: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enab2026-03-25
CVEList
Bluetooth: purge error queues in socket destructors2026-03-25
OSV
CVE-2026-23299: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enable2026-03-25
OSV
Bluetooth: purge error queues in socket destructors2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: Bluetooth: purge error queues in socket destructors2026-03-25
Debian
CVE-2026-23299: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23299 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23299 — Linux vulnerability | cvebase