CVE-2026-43062

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A type confusion issue exists in the Bluetooth L2CAP component within the l2cap ecred reconf rsp() function. The function incorrectly casts incoming data to struct l2cap ecred conn rsp instead of struct l2cap ecred reconf rsp. This leads to two primary issues: valid L2CAP ECRED RECONF RSP packets are rejected because the length check expects 8 bytes instead of 2, and the rsp->result variable reads data from the wrong offset (offset 6 instead of offset 0) when packets are large enough to pass the initial check.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.