Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

...

SUSE CVE-2026-31512

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

EUVD-2026-24895

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

CVE-2026-31512

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddatarcv l2capecreddatarcv reads the SDU length field from skb-data using getunalignedle16 without first verifying that skb contains at least...

CVE-2026-31512

Mode C CVE-2026-31512 affects the Linux kernel Bluetooth L2CAP path. The vulnerability arises in l2cap_ecred_data_rcv() where the SDU length is read from skb->data using get_unaligned_le16() without first ensuring skb contains at least 2 bytes (L2CAP_SDULEN_SIZE). If skb->len

PT-2026-34417

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth L2CAP component where the l2cap ecred data rcv function reads the SDU length field from skb-data using get unaligned le16 without verifying that the sock...