PT-2026-36437 · Linux · Linux

Published 2026-05-01 · Updated 2026-05-01 · CVE-2026-43020

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: validate LTK enc size on load
Load Long Term Keys stores the user-provided enc size and later uses it to size fixed-size stack operations when replying to LE LTK requests. An enc size larger than the 16-byte key buffer can therefore overflow the reply stack buffer.
Reject oversized enc size values while validating the management LTK record so invalid keys never reach the stored key state.
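
The load-time check described above, as an added user-space C sketch; it is not the kernel's code or the actual patch. The struct and function names, the store limit, the skip-invalid-records policy and the copy-then-zero-pad reply are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define LTK_KEY_SIZE 16 /* the 16-byte key buffer the advisory refers to */
#define LTK_STORE_MAX 4 /* constructed limit for this example */

/* Hypothetical, simplified LTK record as handed in by user space. */
struct ltk_record {
    uint8_t enc_size;          /* user-provided encryption key size */
    uint8_t val[LTK_KEY_SIZE]; /* key material */
};

struct ltk_store { struct ltk_record keys[LTK_STORE_MAX]; size_t count; };

/* Load-time validation: enc_size must fit the fixed key buffer. */
bool ltk_record_is_valid(const struct ltk_record *rec)
{
    return rec->enc_size <= LTK_KEY_SIZE;
}

/* Stores only validated records (skipping is this example's choice); returns count. */
size_t ltk_store_load(struct ltk_store *st, const struct ltk_record *recs, size_t n)
{
    st->count = 0;
    for (size_t i = 0; i < n && st->count < LTK_STORE_MAX; i++)
        if (ltk_record_is_valid(&recs[i]))
            st->keys[st->count++] = recs[i];
    return st->count;
}

/* Reply path: enc_size sizes operations on a fixed stack buffer; -1 if it would overrun. */
int ltk_build_reply(const struct ltk_record *key, uint8_t out[LTK_KEY_SIZE])
{
    uint8_t reply[LTK_KEY_SIZE];
    if (key->enc_size > sizeof(reply)) /* second check, defence in depth */
        return -1;
    memcpy(reply, key->val, key->enc_size);
    memset(reply + key->enc_size, 0, sizeof(reply) - key->enc_size);
    memcpy(out, reply, sizeof(reply));
    return key->enc_size;
}

int main(void)
{
    struct ltk_record recs[2] = { { .enc_size = 16 }, { .enc_size = 17 } };
    struct ltk_store st;
    return ltk_store_load(&st, recs, 2) == 1 ? 0 : 1;
}
```

Without the check in `ltk_record_is_valid`, an `enc_size` of 17 or more would make the `memcpy` length exceed `reply` and the `memset` length wrap around, which is why the value has to be rejected before it is stored.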

Related Identifiers

CVE-2026-43020

Affected Products

Linux