CVE-2026-23299

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: purge error queues in socket destructors<br /> <br /> When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued<br /> into sk_error_queue and will stay there until consumed. If userspace never<br /> gets to read the timestamps, or if the controller is removed unexpectedly,<br /> these SKBs will leak.<br /> <br /> Fix by adding skb_queue_purge() calls for sk_error_queue in affected<br /> bluetooth destructors. RFCOMM does not currently use sk_error_queue.