CVE-2026-43134 PUBLISHED

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 335071c0c3637064ec250481f589075db44fe4e6 (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to fa6ad76fa8623c0a50d529cd5726fa5d819a3be4 (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 9118601ff90b79e8df3c0c98f48ae00c1b02ecef (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 481ea39b342c347b6ac029f3d418486280be4e45 (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to ec91078e132179b04e0c3906b599816c056ceaad (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 96581749c7c14fbec32c35728520867929600041 (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 8dd43f9a9323f9c01bc8246da8d81a4c783c9e97 (excl.)
  • affected from 27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d to 138d7eca445ef37a0333425d269ee59900ca1104 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 3.14 is affected
  • unaffected from 0 to 3.14 (excl.)
  • unaffected from 5.10.252 to 5.10.* (incl.)
  • unaffected from 5.15.202 to 5.15.* (incl.)
  • unaffected from 6.1.165 to 6.1.* (incl.)
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References