7.8

CVE-2026-43020

Bluetooth: MGMT: validate LTK enc_size on load

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: validate LTK enc_size on load

Load Long Term Keys stores the user-provided enc_size and later uses
it to size fixed-size stack operations when replying to LE LTK
requests. An enc_size larger than the 16-byte key buffer can therefore
overflow the reply stack buffer.

Reject oversized enc_size values while validating the management LTK
record so invalid keys never reach the stored key state.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.4 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.168
LinuxLinux Kernel Version >= 6.2 < 6.6.134
LinuxLinux Kernel Version >= 6.7 < 6.12.81
LinuxLinux Kernel Version >= 6.13 < 6.18.22
LinuxLinux Kernel Version >= 6.19 < 6.19.12
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.029
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/0f37d1e65c6d71ad94ccfb5c602163c525db789d
Patch
https://git.kernel.org/stable/c/257cdb960d8ff6d60bb6461b03c814b6cf0c9e64
Patch
https://git.kernel.org/stable/c/c34577f517b556fb6ca173d45bf7e766ae2564ce
Patch
https://git.kernel.org/stable/c/f71695e81f4cb428f3c7e2138eae88199005b52c
Patch
https://git.kernel.org/stable/c/82f342b3b006ca1d65f4890c05f2ec32fcb808b6
Patch
https://git.kernel.org/stable/c/50fb64defa72a3fecd0af1ca7c6b47b5c5c2b257
Patch
https://git.kernel.org/stable/c/40ba329e8b4cd2fb11b0caf5e6a543ceaebb6009
Patch
https://git.kernel.org/stable/c/b8dbe9648d69059cfe3a28917bfbf7e61efd7f15
Patch