📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global supply_chain Software Development and Technology HIGH 1h Global apt Government/Critical Infrastructure CRITICAL 3h Global vulnerability Enterprise Software / Data Analytics CRITICAL 3h Global vulnerability Artificial Intelligence and Technology HIGH 7h Global general Technology and Artificial Intelligence MEDIUM 10h Global general Technology and Artificial Intelligence HIGH 11h Global vulnerability Higher Education CRITICAL 20h Global data_breach Government HIGH 21h Global supply_chain Software Development and Open Source Communities CRITICAL 21h Global malware Software Development CRITICAL 21h Global supply_chain Software Development and Technology HIGH 1h Global apt Government/Critical Infrastructure CRITICAL 3h Global vulnerability Enterprise Software / Data Analytics CRITICAL 3h Global vulnerability Artificial Intelligence and Technology HIGH 7h Global general Technology and Artificial Intelligence MEDIUM 10h Global general Technology and Artificial Intelligence HIGH 11h Global vulnerability Higher Education CRITICAL 20h Global data_breach Government HIGH 21h Global supply_chain Software Development and Open Source Communities CRITICAL 21h Global malware Software Development CRITICAL 21h Global supply_chain Software Development and Technology HIGH 1h Global apt Government/Critical Infrastructure CRITICAL 3h Global vulnerability Enterprise Software / Data Analytics CRITICAL 3h Global vulnerability Artificial Intelligence and Technology HIGH 7h Global general Technology and Artificial Intelligence MEDIUM 10h Global general Technology and Artificial Intelligence HIGH 11h Global vulnerability Higher Education CRITICAL 20h Global data_breach Government HIGH 21h Global supply_chain Software Development and Open Source Communities CRITICAL 21h Global malware Software Development CRITICAL 21h
Vulnerabilities

CVE-2026-31500

High
CWE-416 — Weakness Type
Published: Apr 22, 2026  ·  Modified: Apr 29, 2026  ·  Source: NVD
CVSS v3
7.8
🔗 NVD Official
📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET
and Intel exception-info retrieval) without holding
hci_req_sync_lock(). This lets it race against
hci_dev_do_close() -> btintel_shutdown_combined(), which also runs
__hci_cmd_sync() under the same lock. When both paths manipulate
hdev->req_status/req_rsp concurrently, the close path may free the
response skb first, and the still-running hw_error path hits a
slab-use-after-free in kfree_skb().

Wrap the whole recovery sequence in hci_req_sync_lock/unlock so it
is serialized with every other synchronous HCI command issuer.

Below is the data race report and the kasan report:

BUG: data-race in __hci_cmd_sync_sk / btintel_shutdown_combined

read of hdev->req_rsp at net/bluetooth/hci_sync.c:199
by task kworker/u17:1/83:
__hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200
__hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223
btintel_hw_error+0x114/0x670 drivers/bluetooth/btintel.c:254
hci_error_reset+0x348/0xa30 net/bluetooth/hci_core.c:1030

write/free by task ioctl/22580:
btintel_shutdown_combined+0xd0/0x360
drivers/bluetooth/btintel.c:3648
hci_dev_close_sync+0x9ae/0x2c10 net/bluetooth/hci_sync.c:5246
hci_dev_do_close+0x232/0x460 net/bluetooth/hci_core.c:526

BUG: KASAN: slab-use-after-free in
sk_skb_reason_drop+0x43/0x380 net/core/skbuff.c:1202
Read of size 4 at addr ffff888144a738dc
by task kworker/u17:1/83:
__hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200
__hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223
btintel_hw_error+0x186/0x670 drivers/bluetooth/btintel.c:260

🤖 AI Executive Summary

CVE-2026-31500 is a use-after-free vulnerability in the Linux kernel's Bluetooth Intel driver (btintel) affecting kernel versions 4.3 through 7.0-rc5. The vulnerability occurs when btintel_hw_error() races with hci_dev_do_close(), causing concurrent manipulation of HCI request structures without proper synchronization. This can lead to kernel crashes and potential code execution on systems with Intel Bluetooth devices.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 29, 2026 13:27
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects Saudi organizations running Linux-based infrastructure with Intel Bluetooth devices. High-risk sectors include: (1) Government agencies and NCA using Linux servers with Bluetooth connectivity; (2) Banking sector (SAMA-regulated) utilizing Linux infrastructure for payment systems and network management; (3) Telecommunications providers (STC, Mobily) operating Linux-based network equipment; (4) Healthcare institutions using Linux servers with Bluetooth medical devices; (5) Energy sector (ARAMCO) operating industrial control systems on Linux. The vulnerability enables local denial of service and potential privilege escalation on affected systems.
🏢 Affected Saudi Sectors
Government Banking Telecommunications Healthcare Energy Defense
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all Linux systems running kernel versions 4.3-7.0-rc5 with Intel Bluetooth devices using: uname -r && lsusb | grep -i intel

2. Disable Bluetooth on non-essential systems: systemctl disable bluetooth && systemctl stop bluetooth

3. Restrict physical access to systems with Intel Bluetooth devices



PATCHING GUIDANCE:

1. Update to Linux kernel 7.0 final release or later when available

2. For RHEL/CentOS: Apply security updates via yum update kernel

3. For Ubuntu: Run apt update && apt upgrade linux-image-generic

4. For Debian: Apply kernel updates from security.debian.org

5. Reboot systems after kernel updates



COMPENSATING CONTROLS (if immediate patching unavailable):

1. Disable Intel Bluetooth driver: echo 'blacklist btintel' >> /etc/modprobe.d/blacklist.conf

2. Implement strict access controls to Bluetooth-enabled systems

3. Monitor system logs for kernel panics: journalctl -p err -n 50

4. Use SELinux/AppArmor to restrict Bluetooth operations



DETECTION RULES:

1. Monitor kernel logs for 'slab-use-after-free' and 'btintel' messages

2. Alert on unexpected kernel panics on systems with Intel Bluetooth

3. Track Bluetooth device connection/disconnection patterns for anomalies

4. Monitor for repeated HCI command timeouts in dmesg
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع أنظمة Linux التي تعمل بإصدارات النواة 4.3-7.0-rc5 مع أجهزة Bluetooth من Intel باستخدام: uname -r && lsusb | grep -i intel

2. تعطيل Bluetooth على الأنظمة غير الأساسية: systemctl disable bluetooth && systemctl stop bluetooth

3. تقييد الوصول المادي للأنظمة التي تحتوي على أجهزة Bluetooth من Intel



إرشادات التصحيح:

1. التحديث إلى إصدار Linux kernel 7.0 النهائي أو أحدث عند توفره

2. لـ RHEL/CentOS: تطبيق التحديثات الأمنية عبر yum update kernel

3. لـ Ubuntu: تشغيل apt update && apt upgrade linux-image-generic

4. لـ Debian: تطبيق تحديثات النواة من security.debian.org

5. إعادة تشغيل الأنظمة بعد تحديثات النواة



الضوابط البديلة (إذا لم يكن التصحيح الفوري متاحاً):

1. تعطيل برنامج تشغيل Intel Bluetooth: echo 'blacklist btintel' >> /etc/modprobe.d/blacklist.conf

2. تنفيذ ضوابط وصول صارمة للأنظمة المفعلة لـ Bluetooth

3. مراقبة سجلات النظام للتعطل: journalctl -p err -n 50

4. استخدام SELinux/AppArmor لتقييد عمليات Bluetooth



قواعد الكشف:

1. مراقبة سجلات النواة للرسائل 'slab-use-after-free' و 'btintel'

2. التنبيه على توقف النواة غير المتوقع على الأنظمة التي تحتوي على Bluetooth من Intel

3. تتبع أنماط الاتصال/قطع الاتصال لأجهزة Bluetooth للكشف عن الشذوذ

4. مراقبة انتهاء مهلة أوامر HCI المتكررة في dmesg
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.3.1 - Configuration management
🔵 SAMA CSF
ID.RA-1 - Asset management and vulnerability identification PR.IP-12 - System and information integrity DE.CM-8 - Vulnerability scans
🟡 ISO 27001:2022
A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.12.3.1 - Configuration management A.12.2.1 - Change management procedures
🟣 PCI DSS v4.0.1
6.2 - Security patches and updates 11.2 - Vulnerability scanning
📦 Affected Products / CPE 12 entries
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel
linux:linux_kernel:4.3
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
linux:linux_kernel:7.0
📊 CVSS Score
7.8
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorL — Low / Local
Attack ComplexityL — Low / Local
Privileges RequiredL — Low / Local
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityH — High
IntegrityH — High
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.8
CWECWE-416
EPSS0.02%
Exploit No
Patch ✓ Yes
Published 2026-04-22
Source Feed nvd
Views 1
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
patch-available CWE-416
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.