Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2026-43134

CVE-2026-43134

HIGH8.1

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

Published May 6, 2026

Modified 1 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.

References

WEB

https://git.kernel.org/stable/c/138d7eca445ef37a0333425d269ee59900ca1104

WEB

https://git.kernel.org/stable/c/335071c0c3637064ec250481f589075db44fe4e6

WEB

https://git.kernel.org/stable/c/481ea39b342c347b6ac029f3d418486280be4e45

WEB

https://git.kernel.org/stable/c/8dd43f9a9323f9c01bc8246da8d81a4c783c9e97

WEB

https://git.kernel.org/stable/c/9118601ff90b79e8df3c0c98f48ae00c1b02ecef

WEB

https://git.kernel.org/stable/c/96581749c7c14fbec32c35728520867929600041

WEB

https://git.kernel.org/stable/c/ec91078e132179b04e0c3906b599816c056ceaad

WEB

https://git.kernel.org/stable/c/fa6ad76fa8623c0a50d529cd5726fa5d819a3be4

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-43134

CVSS Analysis

CVSS v3.1

8.1

Exploitability

Attack Vector

AdjacentAV:A

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

NoneA:N

8.1/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Ecosystems

Timeline

PublishedMay 6, 2026

ModifiedMay 11, 2026

CVE-2026-43134 | Mondoo Vulnerability Intelligence