HOMEVULNERABILITIESCVE-2026-31510
MEDIUM

CVE-2026-31510

Published: April 22, 2026· Updated: Apr 28, 2026

5.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:6.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

Before using sk pointer, check if it is null.

Fix the following:

KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]

CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)

Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025

Workqueue: events l2cap_info_timeout

RIP: 0010:kasan_byte_accessible+0x12/0x30

Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce

veth0_macvtap: entered promiscuous mode

RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202

RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001

RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c

RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000

R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000

R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001

FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0

PKRU: 55555554

Call Trace:

<TASK>

__kasan_check_byte+0x12/0x40

lock_acquire+0x79/0x2e0

lock_sock_nested+0x48/0x100

? l2cap_sock_ready_cb+0x46/0x160

l2cap_sock_ready_cb+0x46/0x160

l2cap_conn_start+0x779/0xff0

? __pfx_l2cap_conn_start+0x10/0x10

? l2cap_info_timeout+0x60/0xa0

? __pfx___mutex_lock+0x10/0x10

l2cap_info_timeout+0x68/0xa0

? process_scheduled_works+0xa8d/0x18c0

process_scheduled_works+0xb6e/0x18c0

? __pfx_process_scheduled_works+0x10/0x10

? assign_work+0x3d5/0x5e0

worker_thread+0xa53/0xfc0

kthread+0x388/0x470

? __pfx_worker_thread+0x10/0x10

? __pfx_kthread+0x10/0x10

ret_from_fork+0x51e/0xb90

? __pfx_ret_from_fork+0x10/0x10

veth1_macvtap: entered promiscuous mode

? __switch_to+0xc7d/0x1450

? __pfx_kthread+0x10/0x10

ret_from_fork_asm+0x1a/0x30

</TASK>

Modules linked in:

---[ end trace 0000000000000000 ]---

batman_adv: batadv0: Interface activated: batadv_slave_0

batman_adv: batadv0: Interface activated: batadv_slave_1

netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0

netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0

netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0

netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0

RIP: 0010:kasan_byte_accessible+0x12/0x30

Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cce

ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'

RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202

RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001

RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c

RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000

R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000

R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001

FS: 0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000

CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0

PKRU: 55555554

Kernel panic - not syncing: Fatal exception

NVD Source

Technical Analysis

CVE-2026-31510 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 3 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (8)

Quick Facts

CVE IDCVE-2026-31510
CVSS Score5.5 / 10
SeverityMEDIUM
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedApr 22, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-31510 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.