CVE-2026-43134
Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
Description
In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.
INFO
Published Date: May 6, 2026, 12:16 p.m.
Last Modified: May 8, 2026, 1:16 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | HIGH | | | | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
Solution
- Update the Linux kernel to the patched version.
- Ensure the kernel checks the encryption key size when it receives L2CAP_LE_CONN_REQ.
The following table lists the changes that have been made to the
CVE-2026-43134 vulnerability over time.
- CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, May. 08, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |

- New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67, May. 06, 2026

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE. |
| Added | Reference | | https://git.kernel.org/stable/c/138d7eca445ef37a0333425d269ee59900ca1104 |
| Added | Reference | | https://git.kernel.org/stable/c/335071c0c3637064ec250481f589075db44fe4e6 |
| Added | Reference | | https://git.kernel.org/stable/c/481ea39b342c347b6ac029f3d418486280be4e45 |
| Added | Reference | | https://git.kernel.org/stable/c/8dd43f9a9323f9c01bc8246da8d81a4c783c9e97 |
| Added | Reference | | https://git.kernel.org/stable/c/9118601ff90b79e8df3c0c98f48ae00c1b02ecef |
| Added | Reference | | https://git.kernel.org/stable/c/96581749c7c14fbec32c35728520867929600041 |
| Added | Reference | | https://git.kernel.org/stable/c/ec91078e132179b04e0c3906b599816c056ceaad |
| Added | Reference | | https://git.kernel.org/stable/c/fa6ad76fa8623c0a50d529cd5726fa5d819a3be4 |