2 matches found
CVE-2026-46140
A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the btmtk driver. A remote attacker could exploit this vulnerability by sending a specially crafted Wireless Management Terminal WMT event response. The system processes these responses without properly validating the...
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: validate WMT event SKB length before struct access btmtkusbhciwmtsync casts the WMT event response SKB data to struct btmtkhciwmtevt 7 bytes and struct btmtkhciwmtevtfuncc 9 bytes without first checking that the...