CVE-2026-43134

HIGH

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.

References (8)

Core 8

Core References

https://git.kernel.org/stable/c/335071c0c3637064ec250481f589075db44fe4e6

https://git.kernel.org/stable/c/fa6ad76fa8623c0a50d529cd5726fa5d819a3be4

https://git.kernel.org/stable/c/9118601ff90b79e8df3c0c98f48ae00c1b02ecef

https://git.kernel.org/stable/c/481ea39b342c347b6ac029f3d418486280be4e45

https://git.kernel.org/stable/c/ec91078e132179b04e0c3906b599816c056ceaad

https://git.kernel.org/stable/c/96581749c7c14fbec32c35728520867929600041

https://git.kernel.org/stable/c/8dd43f9a9323f9c01bc8246da8d81a4c783c9e97

https://git.kernel.org/stable/c/138d7eca445ef37a0333425d269ee59900ca1104

Scores

CVSS v3 8.1

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published

Products (20)

Linux/Linux < 3.14

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 138d7eca445ef37a0333425d269ee59900ca1104

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 335071c0c3637064ec250481f589075db44fe4e6

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 481ea39b342c347b6ac029f3d418486280be4e45

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 8dd43f9a9323f9c01bc8246da8d81a4c783c9e97

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 9118601ff90b79e8df3c0c98f48ae00c1b02ecef

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 96581749c7c14fbec32c35728520867929600041

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - ec91078e132179b04e0c3906b599816c056ceaad

Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - fa6ad76fa8623c0a50d529cd5726fa5d819a3be4

Linux/Linux 3.14

... and 10 more

Published May 06, 2026

Tracked Since May 06, 2026