CVE-2026-43134

HIGH

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.

Scores

CVSS v3 8.1
EPSS 0.0018
EPSS Percentile 7.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (27)
linux/Kernel 3.14.0 - 5.10.252linux
linux/Kernel 5.11.0 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 6.13.0 - 6.18.16linux
linux/Kernel 6.19.0 - 6.19.6linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 3.14
Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 138d7eca445ef37a0333425d269ee59900ca1104
Linux/Linux 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d - 335071c0c3637064ec250481f589075db44fe4e6
... and 17 more
Published May 06, 2026
Tracked Since May 06, 2026