目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2026-53358— 蓝牙 L2CAP 在 cleanup_listen() 中利用 chan 定时器关闭通道的漏洞

AI 预测 4.9 利用难度: 中等

影响版本矩阵 18

厂商产品版本范围状态
LinuxLinux3df91ea20e744344100b10ae69a17211fcf5b207< 3634cbdc2eb414b69ffa752ddbe5e0458518e321affected
3df91ea20e744344100b10ae69a17211fcf5b207< e1c100e2d61bd8c718b7d91fe3e050780a9bf72daffected
3df91ea20e744344100b10ae69a17211fcf5b207< deb8493a8fa599f6c95e2465b12bfdfb7f94a1d9affected
3df91ea20e744344100b10ae69a17211fcf5b207< 89dec92041717b027216e110599e4f6d6c921b79affected
3df91ea20e744344100b10ae69a17211fcf5b207< 50dfec218808b148ab4247b1858031b7a32015c5affected
3df91ea20e744344100b10ae69a17211fcf5b207< 859d3ace791ed878ae9ba5522c7844d960da8f88affected
3df91ea20e744344100b10ae69a17211fcf5b207< 7555fd885a0603f50e49a655850a1f2bd8a25398affected
3df91ea20e744344100b10ae69a17211fcf5b207< 8c8e620467a7b51562dbcefbd1f09f288d7d710daffected
… +10 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2026-53358 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, which must be done under conn->lock. cleanup_listen() runs under the parent sk_lock, so acquiring conn->lock would invert the established conn->lock -> chan->lock -> sk_lock order. Instead of calling l2cap_chan_close() directly, schedule l2cap_chan_timeout with delay 0 to close the channel asynchronously. The timeout handler already acquires conn->lock and chan->lock in the correct order. The timer is only armed when chan->conn is still set: if it is already NULL, l2cap_conn_del() has already processed this channel (l2cap_chan_del + l2cap_sock_teardown_cb + l2cap_sock_close_cb), so there is nothing left to do. If l2cap_conn_del() races in after the timer is armed, __clear_chan_timer() inside l2cap_chan_del() cancels it; if the timer has already fired, the handler returns harmlessly because chan->conn was cleared.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 3df91ea20e744344100b10ae69a17211fcf5b207 ~ 3634cbdc2eb414b69ffa752ddbe5e0458518e321 -
LinuxLinux 3.4 -

二、漏洞 CVE-2026-53358 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2026-53358 的情报信息

登录查看更多情报信息。

CVE-2026-53358 补丁与修复 (7)

IV. Related Vulnerabilities

V. Comments for CVE-2026-53358

暂无评论


发表评论