CVE-2026-23395: Integer Overflow or Wraparound in Linux

Severity: 8.8 HIGH (NVD)
EPSS: 0.0% (top 89.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25; Latest update Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ

Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending (FLAG_DEFER_SETUP) which can cause more than L2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer causing an overflow.

The spec is quite clear that the same identifier shall not be used on subsequent requests: 'Wi

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 5 packages

Linux | linux/linux_kernel | 5.7.0 | 6.1.167 | +4
Debian | linux/linux_kernel | < 6.19.10-1
CVEListV5 | linux/linux | 15f02b91056253e8cdc592888f431da0731337b8 | fb4a3a26483f3ea2cd21c7a2f7c45d5670600465 | +6
debian | debian/linux | < linux 6.19.10-1 (forky)

🔴Vulnerability Details

4
VulDB
Linux Kernel up to 7.0-rc4 Bluetooth allocation of resources (EUVD-2026-15398) | 2026-04-20
OSV
CVE-2026-23395: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ Currently the code a | 2026-03-25
GHSA
GHSA-5r99-pj6c-hg6v: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ Currently the code | 2026-03-25
OSV
Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ | 2026-03-25

📋Vendor Advisories

4
Red Hat
kernel: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ | 2026-03-25
Microsoft
Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ | 2026-03-10
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Application Interface (jquery-cookie) — CVE-2022-23395 | 2026-01-15
Debian
CVE-2026-23395: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... | 2026

🕵️Threat Intelligence

59
Wiz
CVE-2025-68476 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-23356 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-1801 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-2303 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-23266 Impact, Exploitability, and Mitigation Steps | Wiz