PT-2026-37065 · Linux · Linux

Published 2026-05-05 · Updated 2026-05-05 · CVE-2026-43062

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED connection response, 8 bytes with result at offset 6) instead of struct l2cap_ecred_reconf_rsp (2 bytes with result at offset 0).
This causes two problems:
  • The sizeof(*rsp) length check requires 8 bytes instead of the correct 2, so valid L2CAP_ECRED_RECONF_RSP packets are rejected with -EPROTO.
  • rsp->result reads from offset 6 instead of offset 0, returning wrong data when the packet is large enough to pass the check.
Fix by using the correct type. Also pass the already byte-swapped result variable to BT_DBG instead of the raw __le16 field.
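
The two layouts and both versions of the length check, modelled in user-space C as an added example (not the kernel's code). The struct and function names are hypothetical stand-ins, and the sample payloads are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space models of the two wire layouts (hypothetical names; byte arrays
 * stand in for the little-endian 16-bit fields). */
struct conn_rsp_model {          /* ECRED connection response: 8 bytes */
    uint8_t before_result[6];    /* fields that precede result */
    uint8_t result[2];           /* offset 6 */
};
struct reconf_rsp_model {        /* ECRED reconfigure response: 2 bytes */
    uint8_t result[2];           /* offset 0 */
};

static int le16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Before the fix: reconfigure response parsed with the connection layout. */
int reconf_rsp_before(const uint8_t *data, size_t len)
{
    const struct conn_rsp_model *rsp = (const void *)data;
    if (len < sizeof(*rsp))      /* demands 8 bytes */
        return -EPROTO;
    return le16(rsp->result);    /* reads offset 6 */
}

/* After the fix: the correct 2-byte layout. */
int reconf_rsp_after(const uint8_t *data, size_t len)
{
    const struct reconf_rsp_model *rsp = (const void *)data;
    if (len < sizeof(*rsp))      /* demands 2 bytes */
        return -EPROTO;
    return le16(rsp->result);    /* reads offset 0 */
}

/* Constructed sample payloads, not captured traffic. */
const uint8_t exact_pkt[2]  = { 0x03, 0x00 };
const uint8_t padded_pkt[8] = { 0x03, 0x00, 0, 0, 0, 0, 0x00, 0x00 };

int main(void)
{
    printf("2-byte packet: before=%d after=%d\n",
           reconf_rsp_before(exact_pkt, 2), reconf_rsp_after(exact_pkt, 2));
    printf("8-byte packet: before=%d after=%d\n",
           reconf_rsp_before(padded_pkt, 8), reconf_rsp_after(padded_pkt, 8));
    return 0;
}
```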

Related Identifiers

CVE-2026-43062

Affected Products

Linux