Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.
Published: 2026-05-06
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel's Bluetooth L2CAP module lacks validation of the encryption key size when it receives an L2CAP_LE_CONN_REQ. This omission allows a remote party to embed an illegal or weak key length into a connection request, which the kernel would accept and use for establishing a secure channel. The result is that a BLE link could operate with weaker encryption than required, exposing the confidentiality and integrity of the traffic over that link.

Affected Systems

Any Linux kernel build that predates the commit adding the key‑size check is vulnerable. This includes all distributions that ship an unpatched kernel, regardless of version, as no specific release range is provided in the advisory.

Risk and Exploitability

The flaw is triggered whenever a Bluetooth controller processes an L2CAP_LE_CONN_REQ, so a nearby device equipped with Bluetooth can transmit a crafted request to exploit it. The CVSS score of 7.0 indicates moderate‑to‑high severity, but the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The most likely attack vector is a remote Bluetooth‑enabled device that can send a malformed packet, leading to a link that operates with a weak or malformed encryption key and potentially allowing eavesdropping or tampering.

Generated by OpenCVE AI on May 7, 2026 at 04:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that contains the commit adding key‑size validation for L2CAP_LE_CONN_REQ.
  • If an upgrade cannot be performed immediately, disable or unload the kernel Bluetooth subsystem to prevent external connection attempts.
  • Limit incoming Bluetooth connections to trusted devices by configuring the host firewall or Bluetooth manager, thereby reducing exposure until the patch is applied.


Advisories

No advisories yet.

History

Thu, 07 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20, CWE-613

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity: None; cvssV3_1: {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}; threat_severity: Moderate

Wed, 06 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20, CWE-613

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.
Title Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
First Time appeared Linux, Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux, Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:21.541Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43134

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:30.617

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43134

Redhat

Severity : Moderate

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43134 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T04:30:21Z

Weaknesses