In the Linux kernel, the following vulnerability has been resolved:Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()bt_sock_alloc() allocates the sk object and attaches it to the providedsock object. On error l2cap_sock_alloc() frees the sk object, but thedangling pointer is still attached to the sock object, which may createuse-after-free in other code.
