Bluetooth Protocol L2CAP Vulnerability in Linux Kernel
CVE-2026-43062

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 5 May 2026

What is CVE-2026-43062?

A type confusion vulnerability exists in the Bluetooth L2CAP protocol implementation within the Linux kernel. Specifically, the function l2cap_ecred_reconf_rsp() incorrectly casts incoming data to a type that describes a larger structure than intended. Because of this mismatch, valid L2CAP_ECRED_RECONF_RSP packets are improperly rejected, and the result may not be read from the expected offset in the data structure, which can produce inconsistent data. The fix uses the proper type, so that the data is handled correctly.
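A user-space model of the bug class described above, added here as an example and not taken from the kernel source: both the length check and the field offset are derived from the wrong, larger type. The struct names, layouts, `ERR_PROTO` and the sample payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ERR_PROTO (-1)

/* Illustrative layouts assumed for this example, not copied from the kernel. */
struct wide_rsp {                 /* larger response type used by mistake */
    uint16_t mtu, mps, credits;
    uint16_t result;              /* offset 6 */
} __attribute__((packed));
struct reconf_rsp {               /* what the reconfigure response carries */
    uint16_t result;              /* offset 0 */
} __attribute__((packed));

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Before: size check and field offset both come from the wrong type. */
int parse_buggy(const uint8_t *data, size_t len, uint16_t *result)
{
    if (len < sizeof(struct wide_rsp))
        return ERR_PROTO;         /* a valid 2-byte response ends up here */
    *result = get_le16(data + offsetof(struct wide_rsp, result));
    return 0;
}

/* After: both come from the type the packet actually has. */
int parse_fixed(const uint8_t *data, size_t len, uint16_t *result)
{
    if (len < sizeof(struct reconf_rsp))
        return ERR_PROTO;
    *result = get_le16(data + offsetof(struct reconf_rsp, result));
    return 0;
}

/* Constructed sample payloads; the result values are arbitrary test data. */
const uint8_t minimal[] = { 0x03, 0x00 };
const uint8_t padded[]  = { 0x03, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00 };

int main(void)
{
    uint16_t bad = 0, good = 0;
    printf("buggy, minimal: rc=%d\n", parse_buggy(minimal, sizeof minimal, &bad));
    parse_buggy(padded, sizeof padded, &bad);
    parse_fixed(padded, sizeof padded, &good);
    printf("padded: buggy=0x%04x fixed=0x%04x\n", (unsigned)bad, (unsigned)good);
    return 0;
}
```

The minimal payload shows the rejection of a well-formed response; the padded payload shows the second symptom, where the wrong offset yields a different result value than the one the sender placed at the start of the payload.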

Affected Version(s)

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 21d3ba696918d6373233aac0b9d51fcabdedddc0

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 3b94e62caa1dc1198d0d55d97bd710da1dee15d7

Linux 15f02b91056253e8cdc592888f431da0731337b8 < 111f74547eee8cfedfb854284e80f35c8a491186


Timeline

  • Vulnerability published

  • Vulnerability Reserved
