Bluetooth Vulnerability in Linux Kernel Affecting Multiple Distributions
CVE-2026-53255

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-53255?

A vulnerability in the Linux kernel's Bluetooth management interface may allow a malformed advertising data request to cause out-of-bounds reads. Specifically, the function tlv_data_is_valid() improperly validates the length of advertising data fields, so processing an invalid request can access memory beyond the allocated boundaries. An attacker can trigger the flaw by sending a crafted MGMT_OP_ADD_ADVERTISING command, potentially leading to unauthorized access or system instability. Developers should ensure that robust validity checks are in place to prevent such exploitation.
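The kind of length validation the description calls for, as an added illustration: this is not the kernel's tlv_data_is_valid() or its patch. The field layout, the name adv_count_fields and the sample buffers are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffers (not captured traffic). */
static const uint8_t adv_ok[]        = { 0x02, 0x01, 0x06, 0x03, 0x09, 'h', 'i' };
static const uint8_t adv_truncated[] = { 0x02, 0x01, 0x06, 0x05, 0x09, 'h', 'i' };
static const uint8_t adv_no_type[]   = { 0x02, 0x01, 0x06, 0x01 };

/* Assumed layout: [len][type][len - 1 value bytes], len counts type + value.
 * Returns the number of fields, or -1 if any field would extend past `len`. */
int adv_count_fields(const uint8_t *data, size_t len)
{
    size_t cur = 0;
    int fields = 0;

    while (cur < len) {
        uint8_t field_len = data[cur];      /* in bounds: cur < len */

        if (field_len == 0) {               /* treated as padding in this model */
            cur++;
            continue;
        }
        /* Bytes left after the length byte; cannot underflow since cur < len. */
        size_t remaining = len - cur - 1;
        if (field_len > remaining)          /* type or value byte would be outside */
            return -1;

        /* data[cur + 1] (type) is only safe to read from this point on. */
        fields++;
        cur += (size_t)field_len + 1;
    }
    return fields;
}

int main(void)
{
    printf("ok=%d truncated=%d no_type=%d\n",
           adv_count_fields(adv_ok, sizeof adv_ok),
           adv_count_fields(adv_truncated, sizeof adv_truncated),
           adv_count_fields(adv_no_type, sizeof adv_no_type));
    return 0;
}
```

The check compares the declared length against the space remaining rather than computing an end offset, so the type byte is never read before it is known to be inside the buffer.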

Affected Version(s)

Linux 2bb36870e8cb29949ef9acec37129cd8e70f1857 < 13ad995071a06570668dd8daab3616c247c72080

Linux 2bb36870e8cb29949ef9acec37129cd8e70f1857 < 06fcbd79c3c360a50f9be9d370769bbd738d0976

Linux 2bb36870e8cb29949ef9acec37129cd8e70f1857

Timeline

  • Vulnerability published

  • Vulnerability Reserved
