{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "54a59aa2b562872781d6a8fc89f300d360941691"
            },
            {
              "fixed": "d34776c7fa1f2c510f1cdd14823aba701babb4ad"
            },
            {
              "fixed": "03d4eafb0f3788239df63575951f6b4c97bbfda4"
            },
            {
              "fixed": "3c821bc0fbeaa27910a20d0b43c6008d099792af"
            },
            {
              "fixed": "a04a760c06bb591989db659439efdf106f0bae76"
            },
            {
              "fixed": "0780f9333852971ca77d110019e3a66ce5a7b100"
            },
            {
              "fixed": "1dc6db047919ecd59493cd51248b37381bbabcbb"
            },
            {
              "fixed": "898b89c90ff9496e64b9331040778cc4e1b28c9d"
            },
            {
              "fixed": "b6552e0503973daf6f23bd6ed9273ef131ee364f"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.6.0"
            },
            {
              "fixed": "5.10.253"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.203"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.168"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.131"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.80"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.21"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31510.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb\n\nBefore using sk pointer, check if it is null.\n\nFix the following:\n\n KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]\n CPU: 0 UID: 0 PID: 5985 Comm: kworker/0:5 Not tainted 7.0.0-rc4-00029-ga989fde763f4 #1 PREEMPT(full)\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-9.fc43 06/10/2025\n Workqueue: events l2cap_info_timeout\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df \u003c0f\u003e b6 04 07 3c 08 0f 92 c0 c3 cc cce\n veth0_macvtap: entered promiscuous mode\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005582615a5008 CR3: 000000007007e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  __kasan_check_byte+0x12/0x40\n  lock_acquire+0x79/0x2e0\n  lock_sock_nested+0x48/0x100\n  ? l2cap_sock_ready_cb+0x46/0x160\n  l2cap_sock_ready_cb+0x46/0x160\n  l2cap_conn_start+0x779/0xff0\n  ? __pfx_l2cap_conn_start+0x10/0x10\n  ? l2cap_info_timeout+0x60/0xa0\n  ? __pfx___mutex_lock+0x10/0x10\n  l2cap_info_timeout+0x68/0xa0\n  ? process_scheduled_works+0xa8d/0x18c0\n  process_scheduled_works+0xb6e/0x18c0\n  ? __pfx_process_scheduled_works+0x10/0x10\n  ? assign_work+0x3d5/0x5e0\n  worker_thread+0xa53/0xfc0\n  kthread+0x388/0x470\n  ? __pfx_worker_thread+0x10/0x10\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x51e/0xb90\n  ? __pfx_ret_from_fork+0x10/0x10\n veth1_macvtap: entered promiscuous mode\n  ? __switch_to+0xc7d/0x1450\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n batman_adv: batadv0: Interface activated: batadv_slave_0\n batman_adv: batadv0: Interface activated: batadv_slave_1\n netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0\n netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0\n RIP: 0010:kasan_byte_accessible+0x12/0x30\n Code: 79 ff ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df \u003c0f\u003e b6 04 07 3c 08 0f 92 c0 c3 cc cce\n ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'\n RSP: 0018:ffffc90006e0f808 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffff89746018 RCX: 0000000080000001\n RDX: 0000000000000000 RSI: ffffffff89746018 RDI: 000000000000004c\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: dffffc0000000000 R11: ffffffff8aae3e70 R12: 0000000000000000\n R13: 0000000000000260 R14: 0000000000000260 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8880983c2000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f7e16139e9c CR3: 000000000e74e000 CR4: 0000000000752ef0\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception",
  "id": "CVE-2026-31510",
  "modified": "2026-07-08T05:39:04.809166267Z",
  "published": "2026-04-22T13:54:28.712Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/03d4eafb0f3788239df63575951f6b4c97bbfda4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0780f9333852971ca77d110019e3a66ce5a7b100"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1dc6db047919ecd59493cd51248b37381bbabcbb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3c821bc0fbeaa27910a20d0b43c6008d099792af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/898b89c90ff9496e64b9331040778cc4e1b28c9d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a04a760c06bb591989db659439efdf106f0bae76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6552e0503973daf6f23bd6ed9273ef131ee364f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d34776c7fa1f2c510f1cdd14823aba701babb4ad"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31510.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31510"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "summary": "Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb"
}