Impact
The flaw exists in the Bluetooth eir_create_adv_data function, which may attempt to add EIR_FLAGS and EIR_TX_POWER entries to an advertising payload without first verifying that the destination buffer has enough space left for them. This missing bounds check can crash the kernel Bluetooth stack, producing a local denial-of-service condition for Bluetooth services. No specific CWE is identified in the advisory, but the behavior is a classic buffer overflow pattern.
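The defensive pattern the advisory describes as absent, a length check before each EIR entry is appended, is shown below as an added example written for this page; it is not the kernel's eir_create_adv_data code or its fix. The helper names (eir_append_checked, build_adv_data, adv_data_is_well_formed) are hypothetical; the AD type values EIR_FLAGS = 0x01 and EIR_TX_POWER = 0x0A and the 31-octet legacy advertising limit come from the Bluetooth specification. An entry that does not fit is counted as dropped rather than written past the end of the buffer, and a separate walker validates a finished payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* AD/EIR data types from the Bluetooth Core Specification Supplement. */
#define EIR_FLAGS    0x01
#define EIR_TX_POWER 0x0A

/* Legacy advertising PDUs carry at most 31 octets of AD data. */
#define ADV_DATA_MAX 31

/*
 * Append one [length][type][data] entry at offset `used` in `buf`.
 * The length octet counts the type octet plus the data, so the entry
 * occupies data_len + 2 bytes. Returns the number of bytes appended,
 * or 0 if the entry would not fit (buf is then left untouched).
 * Hypothetical helper written for this example, not the kernel's own.
 */
size_t eir_append_checked(uint8_t *buf, size_t buf_size, size_t used,
                          uint8_t type, const void *data, size_t data_len)
{
    size_t need = data_len + 2;

    if (data_len > 0xFE)            /* one length octet: type + at most 254 data bytes */
        return 0;
    if (used > buf_size || buf_size - used < need)   /* subtract before comparing: no size_t wrap */
        return 0;

    buf[used]     = (uint8_t)(data_len + 1);
    buf[used + 1] = type;
    memcpy(buf + used + 2, data, data_len);
    return need;
}

/*
 * Build the flags and TX-power entries of an advertising payload.
 * Returns total bytes written; *dropped receives the number of entries
 * that did not fit and were omitted instead of overrunning buf.
 */
size_t build_adv_data(uint8_t *buf, size_t buf_size,
                      uint8_t flags, int8_t tx_power, int *dropped)
{
    size_t used = 0, n;
    *dropped = 0;

    n = eir_append_checked(buf, buf_size, used, EIR_FLAGS, &flags, sizeof flags);
    if (n == 0)
        (*dropped)++;
    used += n;

    n = eir_append_checked(buf, buf_size, used, EIR_TX_POWER, &tx_power, sizeof tx_power);
    if (n == 0)
        (*dropped)++;
    used += n;

    return used;
}

/*
 * Walk a finished payload and confirm every entry's length octet stays
 * inside `len`. Returns 1 if well-formed, 0 otherwise. A zero length
 * octet marks padding/end of data and stops the walk.
 */
int adv_data_is_well_formed(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        size_t entry_len = buf[pos];
        if (entry_len == 0)
            return 1;
        if (len - pos < entry_len + 1)  /* length claims more bytes than remain */
            return 0;
        pos += entry_len + 1;
    }
    return 1;
}

int main(void)
{
    uint8_t adv[ADV_DATA_MAX];
    uint8_t tiny[4];   /* constructed: room for the flags entry only */
    int dropped;
    size_t len;

    len = build_adv_data(adv, sizeof adv, 0x06, -7, &dropped);
    printf("full: wrote %zu bytes, dropped %d, well-formed=%d\n",
           len, dropped, adv_data_is_well_formed(adv, len));

    len = build_adv_data(tiny, sizeof tiny, 0x06, -7, &dropped);
    printf("tiny: wrote %zu bytes, dropped %d\n", len, dropped);
    return 0;
}
```

The key property is that the space check happens before the write, using `buf_size - used` after confirming `used <= buf_size`, so the comparison itself cannot wrap; a caller that sees `dropped > 0` knows the payload is incomplete and can fail the request rather than emit a truncated or corrupted advertisement.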
Affected Systems
The vulnerability applies to all Linux kernel releases that include the eir_create_adv_data implementation, as indicated by the CPE entries for the Linux kernel and the 6.16 release candidate. Systems that load the Bluetooth kernel module and expose advertising services are at risk. Any installation of the Linux kernel that has not been updated to the patched version can be affected.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate impact on availability. The EPSS score of less than 1 % suggests a low probability of exploitation, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the most likely attack vector is inferred to involve an attacker who controls privileged processes that construct Bluetooth advertising packets, or device drivers that pass malformed data to the kernel. Exploitation would crash the Bluetooth stack but would not grant arbitrary code execution or compromise system integrity.