CVE-2026-43134 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ

This adds a check for encryption key size upon receiving
L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which
expects L2CAP_CR_LE_BAD_KEY_SIZE.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 335071c0c3637064ec250481f589075db44fe4e6
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< fa6ad76fa8623c0a50d529cd5726fa5d819a3be4
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 9118601ff90b79e8df3c0c98f48ae00c1b02ecef
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 481ea39b342c347b6ac029f3d418486280be4e45
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< ec91078e132179b04e0c3906b599816c056ceaad
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 96581749c7c14fbec32c35728520867929600041
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 8dd43f9a9323f9c01bc8246da8d81a4c783c9e97
`27e2d4c8d28be1d1b4ecfbffab572d7dbd35254d`	affected	< 138d7eca445ef37a0333425d269ee59900ca1104

Linux

affected

Version	Status	Constraints
`3.14`	affected	—
`0`	unaffected	< 3.14
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/138d7eca445ef37a0333425d269ee59900ca1104
https://git.kernel.org/stable/c/335071c0c3637064ec250481f589075db44fe4e6
https://git.kernel.org/stable/c/481ea39b342c347b6ac029f3d418486280be4e45
https://git.kernel.org/stable/c/8dd43f9a9323f9c01bc8246da8d81a4c783c9e97
https://git.kernel.org/stable/c/9118601ff90b79e8df3c0c98f48ae00c1b02ecef
https://git.kernel.org/stable/c/96581749c7c14fbec32c35728520867929600041
https://git.kernel.org/stable/c/ec91078e132179b04e0c3906b599816c056ceaad
https://git.kernel.org/stable/c/fa6ad76fa8623c0a50d529cd5726fa5d819a3be4
https://lore.kernel.org/linux-cve-announce/2026050622-CVE-2026-43134-ce6b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43134
https://www.cve.org/CVERecord?id=CVE-2026-43134

History

Thu, 07 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20 CWE-613

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1284
References		https://lore.kernel.org/linux-cve-announce/2026050622-CVE-2026-43134-ce6b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43134 https://www.cve.org/CVERecord?id=CVE-2026-43134
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20 CWE-613

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ This adds a check for encryption key size upon receiving L2CAP_LE_CONN_REQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAP_CR_LE_BAD_KEY_SIZE.
Title		Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/138d7eca445ef37a0333425d269ee59900ca1104 https://git.kernel.org/stable/c/335071c0c3637064ec250481f589075db44fe4e6 https://git.kernel.org/stable/c/481ea39b342c347b6ac029f3d418486280be4e45 https://git.kernel.org/stable/c/8dd43f9a9323f9c01bc8246da8d81a4c783c9e97 https://git.kernel.org/stable/c/9118601ff90b79e8df3c0c98f48ae00c1b02ecef https://git.kernel.org/stable/c/96581749c7c14fbec32c35728520867929600041 https://git.kernel.org/stable/c/ec91078e132179b04e0c3906b599816c056ceaad https://git.kernel.org/stable/c/fa6ad76fa8623c0a50d529cd5726fa5d819a3be4

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:27:21.541Z

Updated: 2026-05-06T11:27:21.541Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43134

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:30.617

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43134

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43134 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T04:30:21Z

Weaknesses

CWE-1284

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object