2 matches found
CVE-2026-5589 Out-of-bounds write caused by an integer underflow in the Bluetooth Mesh subsystem.
An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...
PT-2026-46319
Name of the Vulnerable Software and Affected Versions Bluetooth Mesh affected versions not specified Description An integer underflow occurs in the bt mesh sol recv function within the Bluetooth Mesh solicitation handling. When CONFIG BT MESH OD PRIV PROXY SRV is enabled, the function parses...