HIGHCVE-2026-43134Published Modified CNA Linux
CVE-2026-43134: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
0138d7eca445ef37a0333425d269ee59900ca1104335071c0c3637064ec250481f589075db44fe4e6481ea39b342c347b6ac029f3d418486280be4e455.10.2525.15.2026.1.1656.6.1286.12.756.18.166.19.67.08dd43f9a9323f9c01bc8246da8d81a4c783c9e979118601ff90b79e8df3c0c98f48ae00c1b02ecef96581749c7c14fbec32c35728520867929600041ec91078e132179b04e0c3906b599816c056ceaadfa6ad76fa8623c0a50d529cd5726fa5d819a3be4
Affected packages
- Linux / Linux< 335071c0c3637064ec250481f589075db44fe4e6 (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d) · < fa6ad76fa8623c0a50d529cd5726fa5d819a3be4 (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d) · < 9118601ff90b79e8df3c0c98f48ae00c1b02ecef (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d) · < 481ea39b342c347b6ac029f3d418486280be4e45 (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d) · < ec91078e132179b04e0c3906b599816c056ceaad (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d) · < 96581749c7c14fbec32c35728520867929600041 (from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d)
- Linux / Linux3.14Fixed in 0, 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N