SB2026062663 - Out-of-bounds read in Linux kernel bluetooth bnep
Published: June 26, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-53253)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds read in bnep_rx_frame() and bnep_rx_control() in the BNEP packet parser when processing short BNEP frames. A remote attacker can send a specially crafted short BNEP SDU to cause a denial of service.
The issue is triggered by malformed control packets with missing fixed fields or an empty control payload.
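The class of check that closes this kind of bug, as an added user-space example (not the kernel patch and not code from this bulletin): every fixed field is length-checked before it is read. Function, type and enum names are hypothetical, field sizes are taken from the BNEP specification, and extension-header walking is left out.

```c
#include <stddef.h>
#include <stdint.h>
/* Names are this example's own; values follow the BNEP specification. */
enum { BNEP_GENERAL, BNEP_CONTROL, BNEP_COMPRESSED,
       BNEP_COMPRESSED_SRC_ONLY, BNEP_COMPRESSED_DST_ONLY };
enum { CTL_NOT_UNDERSTOOD, CTL_SETUP_REQ, CTL_SETUP_RSP, CTL_NET_SET,
       CTL_NET_RSP, CTL_MULTI_SET, CTL_MULTI_RSP };
struct cur { const uint8_t *p; size_t left; };  /* hypothetical cursor type */

/* Hand out n bytes, or NULL when fewer than n remain (never reads ahead). */
static const uint8_t *take(struct cur *c, size_t n)
{
    const uint8_t *p = c->p;
    if (n > c->left) return NULL;
    c->p += n; c->left -= n;
    return p;
}

/* Every fixed field of a control packet must be present before it is read. */
static int control_ok(struct cur *c)
{
    const uint8_t *f = take(c, 1);              /* control type */
    if (!f) return 0;                           /* empty control payload */
    switch (*f) {
    case CTL_NOT_UNDERSTOOD:
        return take(c, 1) != NULL;              /* echoed control type */
    case CTL_SETUP_REQ:
        f = take(c, 1);                         /* UUID size, then two UUIDs */
        return f && take(c, 2 * (size_t)*f);
    case CTL_SETUP_RSP: case CTL_NET_RSP: case CTL_MULTI_RSP:
        return take(c, 2) != NULL;              /* 16-bit response code */
    case CTL_NET_SET: case CTL_MULTI_SET:
        f = take(c, 2);                         /* big-endian list length */
        return f && take(c, ((size_t)f[0] << 8) | f[1]);
    default:
        return 1;                               /* unknown type: nothing more read */
    }
}

/* Returns 1 when the SDU holds its full fixed header, 0 when it is short. */
int bnep_frame_ok(const uint8_t *buf, size_t len)
{
    static const size_t hlen[] = { 14, 0, 2, 8, 8 };  /* bytes after type */
    struct cur c = { buf, len };
    const uint8_t *t = buf ? take(&c, 1) : NULL;
    uint8_t type = t ? (*t & 0x7f) : 0xff;            /* 0x80 = extension flag */
    if (type >= sizeof(hlen) / sizeof(hlen[0])) return 0;
    return type == BNEP_CONTROL ? control_ok(&c) : take(&c, hlen[type]) != NULL;
}
```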
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0ef2ea86c82b2615902d085cd5a586fe9f58994f
- https://git.kernel.org/stable/c/2b83afb19293e4de700edae306115f18966dc4f9
- https://git.kernel.org/stable/c/6770d3a8acdf9151769180cc3710346c4cfbe6f0
- https://git.kernel.org/stable/c/691f14b6a48b637655755134f1e551c7c6fedc2e
- https://git.kernel.org/stable/c/be837cd09897e9e6e1958174501d467bdcbcc2bc
- https://git.kernel.org/stable/c/c893e17d2809ec9c4b3f1cdd5847cecbc27a311b
- https://git.kernel.org/stable/c/d76dec1a37122bc16d83d059c08c0512ea8de909