EUVD-2026-35353

🗓️ 09 Jun 2026 06:20:23Reported by EUVDType

Remote BLE peer triggers a 2-byte out-of-bounds write in L2CAP LE CoC SDU reassembly when segmentation is enabled and RX pool is small, causing ASan abort.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2026-5068	9 Jun 202608:59	–	circl
CNNVD	Zephyr 缓冲区错误漏洞	9 Jun 202600:00	–	cnnvd
CVE	CVE-2026-5068	9 Jun 202606:20	–	cve
Cvelist	CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data	9 Jun 202606:20	–	cvelist
NVD	CVE-2026-5068	9 Jun 202608:16	–	nvd
Positive Technologies	PT-2026-47704	9 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5068	10 Jun 202608:59	–	redhatcve
Vulnrichment	CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data	9 Jun 202606:20	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "ffa8d21a-b504-3f0e-86fb-12d5713f21f3",
        "vendor": {
          "name": "zephyrproject-rtos"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "68740802-dcc2-3fab-943f-2c174cdad285",
        "product": {
          "name": "Zephyr",
          "vendor": {
            "name": "zephyrproject-rtos"
          }
        },
        "product_version": "1.14.0 ≤4.3.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qrcq-hxwj-mqxm

09 Jun 2026 13:10Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.17.6

EPSS0.00166

SSVC