Fedora Account System
Red Hat Associate
Red Hat Customer
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket. A concurrent close() can free the socket between the lock release and the subsequent sk->sk_state access, resulting in a use-after-free. Other functions in the same file (sco_sock_timeout(), sco_conn_del()) correctly use sco_sock_hold() to safely hold a reference under the lock. Fix by using sco_sock_hold() to take a reference before releasing the lock, and adding sock_put() on all exit paths.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026040629-CVE-2026-31408-9f0f@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19569 https://access.redhat.com/errata/RHSA-2026:19569
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:21556 https://access.redhat.com/errata/RHSA-2026:21556
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:21706 https://access.redhat.com/errata/RHSA-2026:21706
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:21745 https://access.redhat.com/errata/RHSA-2026:21745
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:35894 https://access.redhat.com/errata/RHSA-2026:35894
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:35904 https://access.redhat.com/errata/RHSA-2026:35904
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:35896 https://access.redhat.com/errata/RHSA-2026:35896
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:36073 https://access.redhat.com/errata/RHSA-2026:36073
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36767 https://access.redhat.com/errata/RHSA-2026:36767
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:38902 https://access.redhat.com/errata/RHSA-2026:38902
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:39371 https://access.redhat.com/errata/RHSA-2026:39371
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:40760 https://access.redhat.com/errata/RHSA-2026:40760