Impact
A vulnerable Linux kernel allows a Bluetooth Network Encapsulation Protocol peer to send a truncated BNEP service data unit. The kernel incorrectly assumes that control packet fields are present and dereferences bytes that do not exist, leading to an out‑of‑bounds read. This memory corruption can crash the kernel.
Affected Systems
All Linux systems running kernel versions that have not been patched to include the BNEP short‑frame rejection logic. The affected binary is the Linux kernel, specifically the Bluetooth BNEP module; vendor is Linux and product is the Linux kernel. No specific version information is supplied in the advisory, so any kernel prior to at risk.
Risk and Exploitability
Based on the description, it is inferred that the likely attack vector is an attacker establishing a Bluetooth connection to the vulnerable host and sending a crafted short frame. The CVSS score of 7.1 indicates a high severity classification. Because the flaw occurs in kernel space, it is inferred that successful exploitation could lead to a denial of service. The EPSS score of <1% indicates a very low but non‑zero exploitation probability. The vulnerability is not listed in the CISA KEV catalog, so no known publicly exploited incidents are documented.
OpenCVE Enrichment
Debian DLA