Improper input validation in Linux kernel - CVE-2026-43017
Published: May 2, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the Bluetooth MGMT mesh send handler when processing a crafted MGMT_OP_MESH_SEND command. A local user can send a specially crafted command with a truncated advertising payload length to cause a denial of service.
The issue arises because the number of bytes actually supplied in the flexible adv_data[] array may not match the embedded adv_data_len field, which allows the async mesh send path to read past the end of the queued command buffer.
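The length-consistency check that this class of bug calls for, as an added example in user-space C (not the kernel's code and not the upstream patch). The struct is a simplified model: `hdr`, its size, `MODEL_ADV_MAX`, the function names and the exact-match policy are assumptions; only `adv_data_len` and `adv_data[]` come from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT the kernel's struct: a fixed header, a length byte
 * claimed by the sender, then a flexible array of supplied bytes. */
struct mesh_send_model {
    uint8_t hdr[8];        /* placeholder for fixed fields (assumed size) */
    uint8_t adv_data_len;  /* length the sender claims */
    uint8_t adv_data[];    /* bytes the sender actually supplied */
};

#define MODEL_ADV_MAX 31   /* assumed upper bound on the payload */

/* Returns 0 when the claimed length equals the supplied length, else -1. */
int mesh_send_validate(const void *buf, size_t len)
{
    const struct mesh_send_model *cp = buf;
    size_t fixed = offsetof(struct mesh_send_model, adv_data);

    if (len < fixed)                      /* fixed part itself is truncated */
        return -1;
    if (cp->adv_data_len > MODEL_ADV_MAX) /* claim exceeds the allowed bound */
        return -1;
    if (len - fixed != cp->adv_data_len)  /* claimed != supplied */
        return -1;
    return 0;
}

/* Models a deferred consumer that trusts adv_data_len: it copies the payload
 * only after validation. Returns bytes copied, or -1 on rejection. */
int mesh_send_consume(const void *buf, size_t len, uint8_t *out, size_t out_sz)
{
    const struct mesh_send_model *cp = buf;

    if (mesh_send_validate(buf, len) != 0 || cp->adv_data_len > out_sz)
        return -1;
    memcpy(out, cp->adv_data, cp->adv_data_len);
    return cp->adv_data_len;
}

int main(void)
{
    /* Constructed samples: 9 fixed bytes + 4 supplied payload bytes. */
    uint8_t ok[13] = {0}, bad[13] = {0};
    ok[8] = 4;    /* claim matches what was supplied */
    bad[8] = 20;  /* claim is larger than what was supplied */
    printf("consistent: %d\n", mesh_send_validate(ok, sizeof(ok)));
    printf("mismatched: %d\n", mesh_send_validate(bad, sizeof(bad)));
    return 0;
}
```

Validating at the point where the command is received matters because the consumer runs later on a queued copy and has only `adv_data_len` to go by.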
How to mitigate CVE-2026-43017
Sources
- https://git.kernel.org/stable/c/0b706fb2294aff3adfd54653bda1b5e356ad4566
- https://git.kernel.org/stable/c/244b639e6a3a8e26241e201004a3a9f764476631
- https://git.kernel.org/stable/c/24fa32369cf15d8fc918bdfe94097b12e6acada0
- https://git.kernel.org/stable/c/562ed1954f0c1bff3422b7b752bd3dacf185edbf
- https://git.kernel.org/stable/c/bda93eec78cdbfe5cda00785cefebd443e56b88b
- https://git.kernel.org/stable/c/edb5898cfa91afe7e8f83eda18d93034c953d632