PT-2026-36434 · Linux · Linux Kernel

Published

2026-04-01

Updated

2026-05-15

CVE-2026-43017

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the Bluetooth MGMT component where the mesh_send() function fails to verify that the bytes provided for the flexible adv_data[] array match the embedded adv_data_len field. Because MGMT_MESH_SEND_SIZE only covers the fixed header, a truncated command can bypass the 20 to 50 byte range check, potentially causing the asynchronous mesh send path to read past the end of the queued command buffer.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
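
The length mismatch in the description, shown as an added user-space example (not kernel code and not the upstream patch): a range check alone accepts a truncated command, while also comparing the received length with the header size plus adv_data_len rejects it. The struct layout, the names mesh_send_cmd, MESH_SEND_SIZE, MESH_ADV_MAX and the three functions are assumptions chosen to reproduce the 20 to 50 byte range.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the command, NOT the kernel's definition.
 * The 18 opaque bytes stand in for the other fixed header fields (assumed). */
struct mesh_send_cmd {
    uint8_t fixed[18];
    uint8_t adv_data_len;   /* payload length claimed by the sender */
    uint8_t adv_data[];     /* flexible payload */
} __attribute__((packed));

#define MESH_SEND_SIZE sizeof(struct mesh_send_cmd) /* fixed header only: 19 */
#define MESH_ADV_MAX   31                           /* yields the 20..50 range */

/* Range check on total length only, as the description characterises it. */
static int range_check_only(const void *buf, size_t len)
{
    (void)buf;
    return len > MESH_SEND_SIZE && len <= MESH_SEND_SIZE + MESH_ADV_MAX;
}

/* Hardened: bytes received must equal header plus claimed payload length. */
static int range_and_length_check(const void *buf, size_t len)
{
    const struct mesh_send_cmd *cmd = buf;

    if (!range_check_only(buf, len))
        return 0;
    return len == MESH_SEND_SIZE + cmd->adv_data_len;
}

/* Bytes a later consumer trusting adv_data_len would read past the buffer. */
static size_t overread_bytes(const void *buf, size_t len)
{
    const struct mesh_send_cmd *cmd = buf;
    size_t need;

    if (len < MESH_SEND_SIZE)
        return 0;
    need = MESH_SEND_SIZE + cmd->adv_data_len;
    return need > len ? need - len : 0;
}

int main(void)
{
    uint8_t msg[20] = {0};  /* constructed sample: header + 1 payload byte */
    msg[18] = 31;           /* but claims 31 payload bytes */
    printf("range-only=%d strict=%d overread=%zu\n", range_check_only(msg, 20),
           range_and_length_check(msg, 20), overread_bytes(msg, 20));
    return 0;
}
```
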

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-06510
CVE-2026-43017
ECHO-F0E0-1134-C421
OESA-2026-2312
OESA-2026-2313
OESA-2026-2314

Affected Products

Linux Kernel