CVE-2026-31408

Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

References

Notes


      
Bugs

      
      
Status

      

	

	  Branch
	  Status
	

	
	

	  upstream
	  
	    
	    
	    released (7.0-rc6) [598dbba9919c5e36c54fe1709b557d64120cb94b]
	    
	  
	

	
	

	  7.0-upstream-stable
	  
	    
	    
	    N/A "Fixed before branching point"
	    
	  
	

	
	

	  6.19-upstream-stable
	  
	    
	    
	    released (6.19.11) [e76e8f0581ef555eacc11dbb095e602fb30a5361]
	    
	  
	

	
	

	  6.18-upstream-stable
	  
	    
	    
	    released (6.18.21) [7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e]
	    
	  
	

	
	

	  6.12-upstream-stable
	  
	    
	    
	    released (6.12.80) [108b81514d8f2535eb16651495cefb2250528db3]
	    
	  
	

	
	

	  6.6-upstream-stable
	  
	    
	    
	    released (6.6.131) [45aaca995e4a7a05b272a58e7ab2fff4f611b8f1]
	    
	  
	

	
	

	  6.1-upstream-stable
	  
	    
	    
	    released (6.1.168) [b0a7da0e3f7442545f071499beb36374714bb9de]
	    
	  
	

	
	

	  5.10-upstream-stable
	  
	    
	    
	    needed
	    
	  
	

	
	

	  sid
	  
	    
	    
	    released (6.19.11-1)
	    
	  
	

	
	

	  6.12-trixie-security
	  
	    
	    
	    released (6.12.85-1)
	    
	  
	

	
	

	  6.1-bookworm-security
	  
	    
	    
	    released (6.1.170-1)
	    
	  
	

	
	

	  5.10-bullseye-security
	  
	    
	    
	    needed