SB20260626127 - Stack-based buffer overflow in Linux kernel bluetooth
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Stack-based buffer overflow (CVE-ID: CVE-2026-53209)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a stack-based buffer overflow in hci_adv_bcast_annoucement() when rebuilding Bluetooth advertising data with a prepended Broadcast Announcement. A local user can trigger handling of an oversized advertising payload to cause a denial of service.
The issue occurs when an existing advertising instance already contains the maximum extended advertising payload.
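The condition described above, shown as an added example that is not the kernel's code or the upstream fix: a length check that rejects a prepend when the existing payload already fills the fixed-size buffer. The helper names, the 251-byte cap and the 7-byte prefix size are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values for illustration; not taken from the bulletin. */
#define MAX_EXT_AD_LEN 251 /* assumed maximum extended advertising payload */
#define PREFIX_LEN       7 /* assumed size of the prepended announcement */

/*
 * Hypothetical helper: write prefix followed by adv into out.
 * Returns the total length, or -1 when the result would not fit.
 * The subtraction form avoids size_t wrap-around in the check.
 */
static int prepend_checked(uint8_t *out, size_t out_size,
                           const uint8_t *prefix, size_t prefix_len,
                           const uint8_t *adv, size_t adv_len)
{
    if (prefix_len > out_size || adv_len > out_size - prefix_len)
        return -1; /* an unchecked memcpy here would run past out */
    memcpy(out, prefix, prefix_len);
    memcpy(out + prefix_len, adv, adv_len);
    return (int)(prefix_len + adv_len);
}

/* Rebuild into a fixed-size stack buffer, as in the scenario described. */
static int rebuild_with_announcement(size_t existing_len)
{
    uint8_t buf[MAX_EXT_AD_LEN];
    uint8_t existing[MAX_EXT_AD_LEN];
    const uint8_t prefix[PREFIX_LEN] = {0}; /* constructed placeholder bytes */

    if (existing_len > sizeof(existing))
        return -1;
    memset(existing, 0xAA, existing_len); /* constructed sample payload */
    return prepend_checked(buf, sizeof(buf), prefix, sizeof(prefix),
                           existing, existing_len);
}

int main(void)
{
    printf("full instance : %d\n", rebuild_with_announcement(MAX_EXT_AD_LEN));
    printf("room for both : %d\n", rebuild_with_announcement(MAX_EXT_AD_LEN - PREFIX_LEN));
    return 0;
}
```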
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/02f50e8bb69f9b22516163a09922f5537d3b12d1
- https://git.kernel.org/stable/c/10b0e832cc05d7aef4b92bed912cbd4a395d0862
- https://git.kernel.org/stable/c/1338ee049a8910ba6c9cee963920e978e6893c7d
- https://git.kernel.org/stable/c/5c65b96b549ea2dcfde497436bf9e048deb87758
- https://git.kernel.org/stable/c/cdd8bbdbee763fdf5bf343e6f7d4e79347739f62
- https://git.kernel.org/stable/c/dafc9f57140e66a10945127aa7433c3d715dc253