CVE-2026-43017

Severity: Medium · EPSS 2.4%
Published May 1, 2026 (2 months ago) · Modified Jun 17, 2026 (2 weeks ago)
CVSS 3.1 base score: 5.5 (Medium)

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: validate mesh send advertising payload length

mesh_send() currently bounds MGMT_OP_MESH_SEND by total command length, but it never verifies that the bytes supplied for the flexible adv_data[] array actually match the embedded adv_data_len field. MGMT_MESH_SEND_SIZE only covers the fixed header, so a truncated command can still pass the existing 20..50 byte range check and later drive the async mesh send path past the end of the queued command buffer. Keep rejecting zero-length and oversized advertising payloads, but validate adv_data_len explicitly and require the command length to exactly match the flexible array size before queueing the request.
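As an added illustration, not code from the kernel or from the patches referenced below, the following models the length validation the description talks about: the old total-length range check beside a hardened check that validates adv_data_len and requires the command to match the flexible array exactly. The struct layout and the 31-byte payload maximum are assumptions of this model, inferred from the 20..50 byte range the description mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Modelled MGMT_OP_MESH_SEND command (assumed layout for illustration, not the
 * kernel's header): fixed fields, adv_data_len, then the flexible adv_data[]
 * array whose size adv_data_len is supposed to describe. */
struct mesh_send_cmd {
    uint8_t addr[6], addr_type, instant[8], delay[2], cnt;
    uint8_t adv_data_len;
    uint8_t adv_data[];
};

#define MGMT_MESH_SEND_SIZE offsetof(struct mesh_send_cmd, adv_data) /* 19 */
#define MESH_ADV_MAX 31u  /* largest payload, i.e. 20..50 total bytes */

/* Old check: bounds the total length only, so a truncated command whose
 * adv_data_len claims more bytes than were supplied still passes. */
bool mesh_send_len_ok_old(const uint8_t *cmd, size_t len)
{
    (void)cmd;
    return len > MGMT_MESH_SEND_SIZE && len <= MGMT_MESH_SEND_SIZE + MESH_ADV_MAX;
}

/* Hardened check: keep the range check, then validate adv_data_len itself
 * and require the total length to match the flexible array exactly. */
bool mesh_send_len_ok_new(const uint8_t *cmd, size_t len)
{
    if (!mesh_send_len_ok_old(cmd, len))
        return false;
    uint8_t adv_len = cmd[offsetof(struct mesh_send_cmd, adv_data_len)];
    if (adv_len == 0 || adv_len > MESH_ADV_MAX)
        return false;
    return len == MGMT_MESH_SEND_SIZE + adv_len;
}

/* Build a constructed command with adv_data_len = claimed and `actual`
 * payload bytes (actual <= 64), then run both checks on it. Returns
 * 0 if both reject, 1 if only the old check accepts, 3 if both accept. */
int check_cmd(uint8_t claimed, size_t actual)
{
    uint8_t buf[MGMT_MESH_SEND_SIZE + 64] = {0};
    size_t len = MGMT_MESH_SEND_SIZE + actual;
    buf[offsetof(struct mesh_send_cmd, adv_data_len)] = claimed;
    memset(buf + MGMT_MESH_SEND_SIZE, 0xAA, actual);
    return (mesh_send_len_ok_old(buf, len) ? 1 : 0) |
           (mesh_send_len_ok_new(buf, len) ? 2 : 0);
}
```

A 24-byte command that claims 31 payload bytes passes the old range check but not the hardened one, as does a 20-byte command with adv_data_len = 0.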

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.1   – <6.1.168
linux   linux_kernel  *        ≥6.2   – <6.6.134
linux   linux_kernel  *        ≥6.7   – <6.12.81
linux   linux_kernel  *        ≥6.13  – <6.18.22
linux   linux_kernel  *        ≥6.19  – <6.19.12
linux   linux_kernel  7.0      any

References 6

  • Patch (git.kernel.org): https://git.kernel.org/stable/c/0b706fb2294aff3adfd54653bda1b5e356ad4566
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/244b639e6a3a8e26241e201004a3a9f764476631
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/24fa32369cf15d8fc918bdfe94097b12e6acada0
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/562ed1954f0c1bff3422b7b752bd3dacf185edbf
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/bda93eec78cdbfe5cda00785cefebd443e56b88b
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/edb5898cfa91afe7e8f83eda18d93034c953d632

Remediation

Apply the upstream stable patches listed under References.