Buffer Overflow in Linux Kernel Bluetooth Management Layer
CVE-2026-43020
What is CVE-2026-43020?
A buffer overflow vulnerability exists in the Bluetooth management layer of the Linux kernel, in the handling of Long Term Keys (LTK), which an attacker can exploit. The vulnerability arises when the user-provided encryption size (enc_size) exceeds the fixed 16-byte key buffer. If oversized enc_size values are not rejected, they can lead to a stack overflow during operations associated with LE LTK requests. Any enc_size that exceeds the buffer capacity must therefore be caught during validation and rejected, so that invalid keys cannot jeopardize the system's key storage state.
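The length check described above, as an added example in userspace C that is not the kernel's code or its patch. The struct and function names (ltk_record, ltk_record_is_valid, ltk_store_load, ltk_build_reply) are hypothetical; only enc_size and the 16-byte key buffer come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LTK_KEY_SIZE 16 /* fixed key buffer size named in the advisory */

/* Hypothetical record for illustration; not the kernel's own struct. */
struct ltk_record {
    uint8_t enc_size;          /* caller-supplied key length */
    uint8_t val[LTK_KEY_SIZE]; /* key material */
};

/* The missing check: a claimed length must fit the key buffer. */
static int ltk_record_is_valid(const struct ltk_record *rec)
{
    return rec->enc_size <= LTK_KEY_SIZE;
}

/* Load records into the key store, dropping invalid ones so they never
 * reach code that trusts enc_size. Returns the number stored. */
static size_t ltk_store_load(struct ltk_record *store, size_t cap,
                             const struct ltk_record *in, size_t n)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept < cap; i++)
        if (ltk_record_is_valid(&in[i]))
            store[kept++] = in[i];
    return kept;
}

/* Model of a later consumer that copies enc_size bytes into a 16-byte
 * buffer; it re-checks the length as defence in depth. 0 on success. */
static int ltk_build_reply(const struct ltk_record *rec,
                           uint8_t out[LTK_KEY_SIZE])
{
    if (!ltk_record_is_valid(rec))
        return -1;
    memset(out, 0, LTK_KEY_SIZE);
    memcpy(out, rec->val, rec->enc_size);
    return 0;
}

int main(void)
{
    struct ltk_record in[4] = { {16, {0}}, {7, {0}}, {17, {0}}, {255, {0}} }; /* constructed */
    struct ltk_record store[4];
    return ltk_store_load(store, 4, in, 4) == 2 ? 0 : 1; /* two oversized dropped */
}
```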
Affected Version(s)
Linux 346af67b8d116f01ef696fd47959a55deb2db8b6 < 0f37d1e65c6d71ad94ccfb5c602163c525db789d
Linux 346af67b8d116f01ef696fd47959a55deb2db8b6 < 257cdb960d8ff6d60bb6461b03c814b6cf0c9e64
Linux 346af67b8d116f01ef696fd47959a55deb2db8b6