CVE-2026-53209

HIGH

Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement() prepends the Broadcast Announcement service data to that payload, the combined data may no longer fit in the temporary buffer used to rebuild the advertising data. Reject that case before copying the existing payload and report the failure through the device log. This keeps the existing advertising data intact and avoids overrunning the temporary buffer.

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (27)
linux/Kernel < 6.1.176linux
linux/Kernel 6.13.0 - 6.18.36linux
linux/Kernel 6.16.0 - 7.0.13linux
linux/Kernel 6.2.0 - 6.6.143linux
linux/Kernel 6.7.0 - 6.12.94linux
Linux/Linux < 6.16
Linux/Linux 15da883c010cbc2a84aec1738b6ad6ee477846de
Linux/Linux 5725bc608252050ed8a4d47d59225b7dd73474c8 - 5c65b96b549ea2dcfde497436bf9e048deb87758
Linux/Linux 5725bc608252050ed8a4d47d59225b7dd73474c8 - cdd8bbdbee763fdf5bf343e6f7d4e79347739f62
Linux/Linux 5725bc608252050ed8a4d47d59225b7dd73474c8 - dafc9f57140e66a10945127aa7433c3d715dc253
... and 17 more
Published Jun 25, 2026
Tracked Since Jun 25, 2026