SB2026032550 - Out-of-bounds write in Linux kernel bluetooth
Published: March 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-23395)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the Bluetooth L2CAP component when handling L2CAP_ECRED_CONN_REQ packets. A remote attacker can send a specially crafted sequence of L2CAP connection requests with the same command identifier to cause an overflow in channel allocation, leading to a denial of service.
Exploitation requires proximity to initiate a Bluetooth connection. The issue arises from failure to check for duplicate command identifiers during Enhanced Credit Control connection setup.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2124d82fd25e1671bb3ceb37998af5aae5903e06
- https://git.kernel.org/stable/c/5b3e2052334f2ff6d5200e952f4aa66994d09899
- https://git.kernel.org/stable/c/6b949a6b33cbdf621d9fc6f0c48ac00915dbf514
- https://git.kernel.org/stable/c/8d0d94f8ba5b3a0beec3b0da558b9bea48018117
- https://git.kernel.org/stable/c/e72ee455297b794b852e5cea8d2d7bb17312172a
- https://git.kernel.org/stable/c/fb4a3a26483f3ea2cd21c7a2f7c45d5670600465