Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()

Add the same NULL guard already present in
l2cap_sock_resume_cb() and l2cap_sock_ready_cb().
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference exists in the function that retrieves the Bluetooth L2CAP socket send timeout. When this function is invoked with a null or unexpected pointer, the kernel will crash, resulting in a denial of service. The bug is a classic example of a null pointer dereference and does not provide an attack vector for code execution.

Affected Systems

All Linux kernel builds that include the Bluetooth L2CAP stack and have not yet integrated the patch that adds a NULL guard to l2cap_sock_get_sndtimeo_cb(). This encompasses any distribution using the standard Linux kernel Bluetooth implementation.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score of less than 1% shows a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no known exploits in the wild. Based on the description, it is inferred that the flaw can be triggered by malformed Bluetooth packets attempting to invoke the send timeout function; however, the actual likelihood of exploitation remains low given the available metrics.

Generated by OpenCVE AI on May 28, 2026 at 02:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch adding the NULL guard to l2cap_sock_get_sndtimeo_cb().
  • Apply the patch manually from the upstream kernel source if a kernel update is not immediately available.
  • Disable or restrict the Bluetooth service until a patched kernel is deployed to mitigate exposure.

Generated by OpenCVE AI on May 28, 2026 at 02:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 26 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 26 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().
Title Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:45:57.724Z

Reserved: 2026-05-13T15:03:33.077Z

Link: CVE-2026-45836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T17:16:50.813

Modified: 2026-06-01T17:17:11.710

Link: CVE-2026-45836

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-26T00:00:00Z

Links: CVE-2026-45836 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T02:15:04Z

Weaknesses