CVE-2026-31512

UNKNOWN 0.0

Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() l2cap_ecred_data_rcv() reads the SDU length field from skb->data using get_unaligned_le16() without first verifying that skb contains at least L2CAP_SDULEN_SIZE (2) bytes. When skb->len is less than 2, this reads past the valid data in the skb. The ERTM reassembly path correctly calls pskb_may_pull() before reading the SDU length (l2cap_reassemble_sdu, L2CAP_SAR_START case). Apply the same validation to the Enhanced Credit Based Flow Control data path.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Apr 22, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

aac23bf636593cc2d67144aed373a46a1a5f76b1 < cef09691cfb61f6c91cc27c3d69634f81c8ab949 aac23bf636593cc2d67144aed373a46a1a5f76b1 < 3340be2bafdcc806f048273ea6d8e82a6597aa1b aac23bf636593cc2d67144aed373a46a1a5f76b1 < e47315b84d0eb188772c3ff5cf073cdbdefca6b4 aac23bf636593cc2d67144aed373a46a1a5f76b1 < 477ad4976072056c348937e94f24583321938df4 aac23bf636593cc2d67144aed373a46a1a5f76b1 < 40c7f7eea2f4d9cb0b3e924254c8c9053372168f aac23bf636593cc2d67144aed373a46a1a5f76b1 < 8c96f3bd4ae0802db90630be8e9851827e9c9209 aac23bf636593cc2d67144aed373a46a1a5f76b1 < 5ad981249be52f5e4e92e0e97b436b569071cb86 aac23bf636593cc2d67144aed373a46a1a5f76b1 < c65bd945d1c08c3db756821b6bf9f1c4a77b29c6

Linux / Linux

3.14

References

NVD ↗ CVE.org ↗ EPSS Data ↗