CVE-2026-31512

Source
https://cve.org/CVERecord?id=CVE-2026-31512
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31512.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31512
Downstream
Related
Published
2026-04-22T13:54:30.171Z
Modified
2026-07-08T08:00:04.106813336Z
Summary
Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
Details

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2capecreddata_rcv()

l2capecreddatarcv() reads the SDU length field from skb->data using getunalignedle16() without first verifying that skb contains at least L2CAPSDULEN_SIZE (2) bytes. When skb->len is less than 2, this reads past the valid data in the skb.

The ERTM reassembly path correctly calls pskbmaypull() before reading the SDU length (l2capreassemblesdu, L2CAPSARSTART case). Apply the same validation to the Enhanced Credit Based Flow Control data path.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31512.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aac23bf636593cc2d67144aed373a46a1a5f76b1
Fixed
cef09691cfb61f6c91cc27c3d69634f81c8ab949
Fixed
3340be2bafdcc806f048273ea6d8e82a6597aa1b
Fixed
e47315b84d0eb188772c3ff5cf073cdbdefca6b4
Fixed
477ad4976072056c348937e94f24583321938df4
Fixed
40c7f7eea2f4d9cb0b3e924254c8c9053372168f
Fixed
8c96f3bd4ae0802db90630be8e9851827e9c9209
Fixed
5ad981249be52f5e4e92e0e97b436b569071cb86
Fixed
c65bd945d1c08c3db756821b6bf9f1c4a77b29c6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31512.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.14.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.168
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.131
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.80
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.21
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.11

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31512.json"