CVE-2026-43334

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the Bluetooth Security Manager Protocol (SMP) where the smp cmd pairing req() function builds a pairing response based on the initiator's authentication requirements before enforcing local high security requirements. If the initiator omits the SMP AUTH MITM (Man-in-the-Middle protection) flag, the response may also omit it despite the local side requiring it. Consequently, the tk request() function may select an inconsistent pairing method, such as JUST CFM, which contradicts the responder's enforced pairing policy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.