SB2026050952 - Improper access control in Linux kernel bluetooth
Published: May 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2026-43334)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass man-in-the-middle protection during Bluetooth pairing.
The vulnerability exists due to improper access control in the Bluetooth SMP pairing response handling when processing a pairing request. A remote attacker can initiate a pairing request that omits MITM requirements to bypass man-in-the-middle protection during Bluetooth pairing.
Exploitation is possible when the local side requires high security and the selected pairing method becomes inconsistent with the responder's security policy.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/01bb4045d2306c266178f49ce0c3576d237a3040
- https://git.kernel.org/stable/c/425a22c5373d4e1b46492ab869074ebeeade61f3
- https://git.kernel.org/stable/c/7ab69426e7ecbd18a222ee2ec87ca612d30197d7
- https://git.kernel.org/stable/c/91649c02c1baaa18cedf7fb425fa1f0f852c8183
- https://git.kernel.org/stable/c/c8ff0ca6508535bccabd81c5c9dcc63de8a3d4fb
- https://git.kernel.org/stable/c/d05111bfe37bfd8bd4d2dfe6675d6bdeef43f7c7
- https://git.kernel.org/stable/c/ec17efb1ef91506cfd17a77692eaf4bbacb520ea
- https://git.kernel.org/stable/c/fa14e0e19820b1bbdb42185c9c4efa950bcffef9