Bluetooth Vulnerability in Linux Kernel Affecting Multiple Versions
CVE-2026-31512
What is CVE-2026-31512?
A vulnerability exists in the Linux kernel's Bluetooth implementation, in the L2CAP code. The function l2cap_ecred_data_rcv() does not validate the length of the Protocol Data Unit (PDU) before reading the Service Data Unit (SDU) length. When the socket buffer (skb) is shorter than the expected length, this leads to an out-of-bounds read, potentially allowing for the exploitation of memory corruption vulnerabilities. The issue has been fixed by adding checks that validate the skb length before the access.
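The bug class described above, as an added userspace example (not the kernel's code and not the upstream patch): the SDU length is a 2-byte little-endian field at the start of the PDU, and the parser must confirm those bytes exist before reading them. The function names, `SDULEN_SIZE` and the sample PDUs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SDULEN_SIZE 2 /* SDU length field: 2 bytes, little-endian */

/* Unchecked pattern from the advisory text: reads both bytes of the field
 * without looking at len, so a 0- or 1-byte PDU causes a read past the end
 * of the buffer. Shown for contrast; never called on short input here. */
int sdu_len_unchecked(const uint8_t *data, size_t len)
{
    (void)len;
    return data[0] | (data[1] << 8);
}

/* Checked pattern: reject the PDU before touching the field.
 * Returns the SDU length (0..65535), or -1 if the PDU is too short. */
int sdu_len_checked(const uint8_t *data, size_t len)
{
    if (len < SDULEN_SIZE)
        return -1;
    return data[0] | (data[1] << 8);
}

/* Runs the checked parser over constructed PDUs; returns how many it rejected. */
int run_samples(void)
{
    static const uint8_t full[] = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
    static const uint8_t one[]  = { 0x05 };
    const struct { const uint8_t *data; size_t len; } pdus[] = {
        { full, sizeof full }, { one, sizeof one }, { full, 0 },
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof pdus / sizeof pdus[0]; i++) {
        int n = sdu_len_checked(pdus[i].data, pdus[i].len);
        if (n < 0) { rejected++; printf("pdu %zu: too short, dropped\n", i); }
        else printf("pdu %zu: sdu_len=%d\n", i, n);
    }
    return rejected;
}

int main(void)
{
    return run_samples() == 2 ? 0 : 1;
}
```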
Affected Version(s)
Linux aac23bf636593cc2d67144aed373a46a1a5f76b1
Linux aac23bf636593cc2d67144aed373a46a1a5f76b1 < 3340be2bafdcc806f048273ea6d8e82a6597aa1b