In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend

Existing advertising instances can already hold the maximum extended
advertising payload. When hci_adv_bcast_annoucement() prepends the
Broadcast Announcement service data to that payload, the combined data
may no longer fit in the temporary buffer used to rebuild the
advertising data.

Reject that case before copying the existing payload and report the
failure through the device log. This keeps the existing advertising
data intact and avoids overrunning the temporary buffer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0018.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
63f365eb4d1668a04070151b555d55a07ede8d4b affected < 10b0e832cc05d7aef4b92bed912cbd4a395d0862
c621211b308816889f0a3246de448bfcef8ab3ab affected < 1338ee049a8910ba6c9cee963920e978e6893c7d
907ef6e12fb558a0763e894311eb245a94c192dd affected < 02f50e8bb69f9b22516163a09922f5537d3b12d1
5725bc608252050ed8a4d47d59225b7dd73474c8 affected < dafc9f57140e66a10945127aa7433c3d715dc253
5725bc608252050ed8a4d47d59225b7dd73474c8 affected < cdd8bbdbee763fdf5bf343e6f7d4e79347739f62
5725bc608252050ed8a4d47d59225b7dd73474c8 affected < 5c65b96b549ea2dcfde497436bf9e048deb87758
15da883c010cbc2a84aec1738b6ad6ee477846de affected
6.1.142 affected < 6.1.176
6.6.94 affected < 6.6.143
6.12.34 affected < 6.12.94
6.15.3 affected < 6.16
Linux Linux affected
Version Status Constraints
6.16 affected
0 unaffected < 6.16
6.1.176 unaffected ≤ 6.1.*
6.6.143 unaffected ≤ 6.6.*
6.12.94 unaffected ≤ 6.12.*
6.18.36 unaffected ≤ 6.18.*
7.0.13 unaffected ≤ 7.0.*
7.1 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/02f50e8bb69f9b22516163a09922f5537d3b12d1 cve-icon
https://git.kernel.org/stable/c/10b0e832cc05d7aef4b92bed912cbd4a395d0862 cve-icon
https://git.kernel.org/stable/c/1338ee049a8910ba6c9cee963920e978e6893c7d cve-icon
https://git.kernel.org/stable/c/5c65b96b549ea2dcfde497436bf9e048deb87758 cve-icon
https://git.kernel.org/stable/c/cdd8bbdbee763fdf5bf343e6f7d4e79347739f62 cve-icon
https://git.kernel.org/stable/c/dafc9f57140e66a10945127aa7433c3d715dc253 cve-icon
History

Thu, 25 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-120

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement() prepends the Broadcast Announcement service data to that payload, the combined data may no longer fit in the temporary buffer used to rebuild the advertising data. Reject that case before copying the existing payload and report the failure through the device log. This keeps the existing advertising data intact and avoids overrunning the temporary buffer.
Title Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:14.915Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53209

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:00:12Z

Weaknesses