What is GHSA-2286-mwvj-8983?

GHSA-2286-mwvj-8983 is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error...

Which CVE IDs does GHSA-2286-mwvj-8983 cover?

GHSA-2286-mwvj-8983 covers the following CVE IDs: CVE-2026-23299. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2286-mwvj-8983?

GHSA-2286-mwvj-8983 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-2286-mwvj-8983MediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error...

Vendor

GitHub Security Advisories

Published

March 25, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-23299 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: purge error queues in socket destructors

When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into sk_error_queue and will stay there until consumed. If userspace never gets to read the timestamps, or if the controller is removed unexpectedly, these SKBs will leak.

Fix by adding skb_queue_purge() calls for sk_error_queue in affected bluetooth destructors. RFCOMM does not currently use sk_error_queue.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-23299
https://git.kernel.org/stable/c/21e4271e65094172aadd5beb8caea95dd0fbf6d7
https://git.kernel.org/stable/c/2b6c942a526635f5c61d2f000258e620da32d3a7
https://git.kernel.org/stable/c/3de7c10a950b36affc692d8bd2ac713852580e56
https://github.com/advisories/GHSA-2286-mwvj-8983