CVE Vulnerability Details :
CVE-2026-43017
PUBLISHED
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-01 May, 2026 | 14:15
Updated At-11 May, 2026 | 22:16
CVE Numbering Authority (CNA)
Bluetooth: MGMT: validate mesh send advertising payload length

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: validate mesh send advertising payload length

mesh_send() currently bounds MGMT_OP_MESH_SEND by total command length, but it never verifies that the bytes supplied for the flexible adv_data[] array actually match the embedded adv_data_len field. MGMT_MESH_SEND_SIZE only covers the fixed header, so a truncated command can still pass the existing 20..50 byte range check and later drive the async mesh send path past the end of the queued command buffer.

Keep rejecting zero-length and oversized advertising payloads, but validate adv_data_len explicitly and require the command length to exactly match the flexible array size before queueing the request.
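
The difference between the range-only check and the exact-length check described above, as an added user-space model (not the kernel's code and not part of the original record). The struct, function names and the 19-byte header / 31-byte payload limits are assumptions inferred from the 20..50 byte range in the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code. Sizes are assumptions inferred from the
 * advisory's 20..50 byte range: 19-byte fixed header, 1..31 payload bytes. */
#define HDR_SIZE     19u  /* stands in for MGMT_MESH_SEND_SIZE */
#define MAX_ADV_DATA 31u

struct mesh_send_model {
    uint8_t fixed[HDR_SIZE - 1]; /* other fixed fields, opaque here */
    uint8_t adv_data_len;        /* length claimed inside the command */
    uint8_t adv_data[];          /* flexible array, not part of HDR_SIZE */
};

/* Check as described before the fix: total command length range only. */
int check_range_only(size_t len)
{
    return len > HDR_SIZE && len <= HDR_SIZE + MAX_ADV_DATA;
}

/* Check as described after the fix: bound adv_data_len, then require
 * len == fixed header + adv_data_len. */
int check_exact(const void *buf, size_t len)
{
    const struct mesh_send_model *cp = buf;
    if (len <= HDR_SIZE || len > HDR_SIZE + MAX_ADV_DATA)
        return 0;
    if (cp->adv_data_len == 0 || cp->adv_data_len > MAX_ADV_DATA)
        return 0;
    return len == (size_t)HDR_SIZE + cp->adv_data_len;
}

/* Constructed sample: a zeroed `len`-byte command claiming `claimed` bytes. */
size_t make_cmd(uint8_t *out, size_t len, uint8_t claimed)
{
    memset(out, 0, len);
    out[HDR_SIZE - 1] = claimed;
    return len;
}

int main(void)
{
    uint8_t buf[HDR_SIZE + MAX_ADV_DATA];
    size_t len = make_cmd(buf, 20, 31); /* 1 payload byte present, 31 claimed */
    printf("range-only: %d, exact: %d\n", check_range_only(len), check_exact(buf, len));
    return 0;
}
```

The truncated 20-byte command passes the range-only check but is rejected once the length must equal the header plus adv_data_len.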

Affected Products
Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • net/bluetooth/mgmt.c
Default Status: unaffected
Versions
Affected
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before 24fa32369cf15d8fc918bdfe94097b12e6acada0 (git)
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before 244b639e6a3a8e26241e201004a3a9f764476631 (git)
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before 0b706fb2294aff3adfd54653bda1b5e356ad4566 (git)
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before edb5898cfa91afe7e8f83eda18d93034c953d632 (git)
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before 562ed1954f0c1bff3422b7b752bd3dacf185edbf (git)
  • From b338d91703fae6f6afd67f3f75caa3b8f36ddef3 before bda93eec78cdbfe5cda00785cefebd443e56b88b (git)

Vendor: Linux Kernel Organization, Inc (Linux)
Product: Linux
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files:
  • net/bluetooth/mgmt.c
Default Status: affected
Versions
Affected
  • 6.1
Unaffected
  • From 0 before 6.1 (semver)
  • From 6.1.168 through 6.1.* (semver)
  • From 6.6.134 through 6.6.* (semver)
  • From 6.12.81 through 6.12.* (semver)
  • From 6.18.22 through 6.18.* (semver)
  • From 6.19.12 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
References
  • https://git.kernel.org/stable/c/24fa32369cf15d8fc918bdfe94097b12e6acada0
  • https://git.kernel.org/stable/c/244b639e6a3a8e26241e201004a3a9f764476631
  • https://git.kernel.org/stable/c/0b706fb2294aff3adfd54653bda1b5e356ad4566
  • https://git.kernel.org/stable/c/edb5898cfa91afe7e8f83eda18d93034c953d632
  • https://git.kernel.org/stable/c/562ed1954f0c1bff3422b7b752bd3dacf185edbf
  • https://git.kernel.org/stable/c/bda93eec78cdbfe5cda00785cefebd443e56b88b