Bug 2492762 (CVE-2026-53209)
| Summary: | CVE-2026-53209 kernel: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the `hci_sync` component. This vulnerability occurs when the `hci_adv_bcast_annoucement()` function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum size. This can lead to an oversized data packet that may overrun a temporary buffer, potentially causing a denial of service (DoS) or other unpredictable system behavior.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-06-25 10:04:24 UTC
|