Bluetooth Mesh Advertising Payload Vulnerability in Linux Kernel
CVE-2026-43017

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43017?

A vulnerability exists in the Linux kernel's Bluetooth stack, specifically related to the handling of mesh advertising payloads. The function mesh_send() fails to validate that the length of the flexible adv_data[] array corresponds correctly with the embedded adv_data_len field. While the system checks the total command length against a predefined range, this does not prevent malicious actors from exploiting truncated commands. If improperly validated, these commands can exceed the bounds of the command buffer. The vulnerability necessitates stricter checks to ensure that both the command length and the adv_data_len are accurately matched before the request is queued, maintaining robust system integrity against potential payload manipulation.

Affected Version(s)

Linux b338d91703fae6f6afd67f3f75caa3b8f36ddef3 < 24fa32369cf15d8fc918bdfe94097b12e6acada0

Linux b338d91703fae6f6afd67f3f75caa3b8f36ddef3 < 244b639e6a3a8e26241e201004a3a9f764476631

Linux b338d91703fae6f6afd67f3f75caa3b8f36ddef3 < 0b706fb2294aff3adfd54653bda1b5e356ad4566

References

https://git.kernel.org/stable/c/24fa32369cf15d8fc918bdfe9...

https://git.kernel.org/stable/c/244b639e6a3a8e26241e20100...

https://git.kernel.org/stable/c/0b706fb2294aff3adfd54653b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43017 Data

JSON