CVE-2026-10651
btsdpparseattribute in subsys/bluetooth/host/classic/sdp.c validated only that the SDP record buffer held the type-marker byte plus the 2-byte attribute ID a check of buf-len data0 before its only bounds guard an ASSERTNOMSG that compiles out when CONFIGASSERT is disabled, the production default,...