Out-of-bounds Read Vulnerability in Linux Kernel Bluetooth RFCOMM Handler
CVE-2026-53254
What is CVE-2026-53254?
A vulnerability exists in the Bluetooth functionality of the Linux kernel, specifically in the RFCOMM MCC (multiplexer control channel) handlers. The flaw is that the handlers did not validate the length of an incoming packet (skb->len) before processing its contents. A malicious remote device can send truncated MCC frames, causing the handlers to read past the end of the received data (an out-of-bounds read). The fix adds explicit length checks by obtaining each field through skb_pull_data() before it is dereferenced. rfcomm_recv_rpn() is handled specially: it first validates that the DLCI byte is present, and only validates the full parameter structure when the frame is longer than one byte.
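The hardened pattern the advisory describes, written out as an added illustration rather than the kernel's own code: a buffer type standing in for sk_buff, a pull helper with the same contract as skb_pull_data() (pointer on success, NULL when too few bytes remain), and a hypothetical RPN handler that validates the DLCI byte first and demands the full parameter body only for frames longer than one byte. The frame_buf, rpn_body and rpn_params types, the field layout and the sample frames are all constructed for this example and do not reflect the kernel's actual structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a socket buffer: a data pointer plus the bytes remaining.
 * Illustrative only; this is not the kernel's sk_buff. */
struct frame_buf {
    const uint8_t *data;
    size_t len;
};

/* Same contract as skb_pull_data(): return a pointer to the next n bytes and advance
 * past them, or NULL if fewer than n bytes remain. The caller must check for NULL
 * before dereferencing; skipping that check is the bug class the advisory describes. */
static const void *frame_pull_data(struct frame_buf *b, size_t n)
{
    const uint8_t *p = b->data;
    if (b->len < n)
        return NULL;
    b->data += n;
    b->len -= n;
    return p;
}

/* Constructed RPN parameter body; the layout is an assumption for this example. */
struct rpn_body {
    uint8_t bit_rate;
    uint8_t line_settings;
    uint8_t flow_ctrl;
    uint8_t xon_char;
    uint8_t xoff_char;
    uint8_t param_mask[2];
};

struct rpn_params {
    uint8_t dlci;
    struct rpn_body body;
};

enum rpn_result {
    RPN_TRUNCATED = -1,  /* frame shorter than what the handler was about to read */
    RPN_DLCI_ONLY = 1,   /* one-byte frame: DLCI present, no parameter body */
    RPN_FULL = 2         /* DLCI and the complete parameter body were present */
};

/* Hardened handler: validate the DLCI byte first, then require the whole body only
 * when the frame carries more than that single byte. Every read goes through the
 * length-checked pull helper, so a truncated frame is rejected instead of over-read. */
static int recv_rpn_hardened(struct frame_buf *b, struct rpn_params *out)
{
    const uint8_t *dlci;
    const struct rpn_body *body;

    dlci = frame_pull_data(b, 1);
    if (!dlci)
        return RPN_TRUNCATED;      /* zero-length frame: nothing safe to read */
    out->dlci = *dlci;

    if (b->len == 0)
        return RPN_DLCI_ONLY;      /* DLCI-only frame is a complete, valid case */

    body = frame_pull_data(b, sizeof(*body));
    if (!body)
        return RPN_TRUNCATED;      /* partial body: rejected before any field is touched */
    memcpy(&out->body, body, sizeof(*body));   /* byte copy, no alignment assumptions */
    return RPN_FULL;
}

/* Entry point for a raw frame, as a receive path would hand it to the handler. */
int parse_rpn_frame(const uint8_t *frame, size_t len, struct rpn_params *out)
{
    struct frame_buf b = { frame, len };
    memset(out, 0, sizeof(*out));
    return recv_rpn_hardened(&b, out);
}

int main(void)
{
    /* Constructed sample frames: empty, DLCI only, truncated body, full body. */
    const uint8_t dlci_only[] = { 0x02 };
    const uint8_t truncated[] = { 0x02, 0x07, 0x03 };
    const uint8_t full[] = { 0x02, 0x07, 0x03, 0x00, 0x11, 0x13, 0x3f, 0x00 };
    struct rpn_params p;

    printf("empty     -> %d\n", parse_rpn_frame(full, 0, &p));
    printf("dlci only -> %d\n", parse_rpn_frame(dlci_only, sizeof dlci_only, &p));
    printf("truncated -> %d\n", parse_rpn_frame(truncated, sizeof truncated, &p));
    printf("full      -> %d (dlci=%u bit_rate=%u)\n",
           parse_rpn_frame(full, sizeof full, &p), p.dlci, p.body.bit_rate);
    return 0;
}
```

The point of the two-stage check is that a one-byte RPN frame is legitimate, so a single "is the whole struct present" test would wrongly reject it; checking the DLCI byte on its own and then the body only when more data follows accepts both valid shapes while still refusing any frame whose body is incomplete.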
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7c15c7c2878957cbfed93bcc29c13fdace464254
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0d637136ce89f9a2309b2c3502402ce400dab0ef
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 98377e6b1a1a56561ec66a181573ea2b61b2079e