Upstream information

CVE-2026-43020 at MITRE

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: MGMT: validate LTK enc_size on load

Load Long Term Keys stores the user-provided enc_size and later uses
it to size fixed-size stack operations when replying to LE LTK
requests. An enc_size larger than the 16-byte key buffer can therefore
overflow the reply stack buffer.

Reject oversized enc_size values while validating the management LTK
record so invalid keys never reach the stored key state.
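The following is an added userspace sketch of the pattern the description names, not the kernel's code: a load-time length check that keeps an oversized `enc_size` away from a reply path that sizes its copy and padding from that field. The names `ltk_record`, `ltk_record_is_valid`, `load_ltks`, `build_ltk_reply` and `demo_load` are hypothetical, and the sample records are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LTK_LEN 16 /* fixed key buffer size from the description */

/* Hypothetical, simplified stand-in for a management LTK record. */
struct ltk_record {
    uint8_t enc_size;      /* caller-supplied effective key length */
    uint8_t val[LTK_LEN];  /* key material */
};

/* Load-time check: enc_size must fit the fixed key buffer. */
static bool ltk_record_is_valid(const struct ltk_record *rec)
{
    return rec->enc_size <= sizeof(rec->val);
}

/* Model of the load step: only validated records reach the store. */
static size_t load_ltks(const struct ltk_record *in, size_t n,
                        struct ltk_record *store, size_t cap)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept < cap; i++)
        if (ltk_record_is_valid(&in[i]))
            store[kept++] = in[i];
    return kept;
}

/* Reply path: copy enc_size key bytes, zero-pad up to LTK_LEN.
 * Both lengths derive from enc_size, so this is only in bounds
 * because load_ltks() never stores a record with enc_size > LTK_LEN. */
static void build_ltk_reply(const struct ltk_record *rec, uint8_t reply[LTK_LEN])
{
    memcpy(reply, rec->val, rec->enc_size);
    memset(reply + rec->enc_size, 0, LTK_LEN - rec->enc_size);
}

/* Constructed sample input: enc_size 7 and 16 are valid, 17 and 255 are not. */
static size_t demo_load(struct ltk_record store[4])
{
    struct ltk_record in[4] = { { 7, {0} }, { 16, {0} }, { 17, {0} }, { 255, {0} } };
    for (size_t i = 0; i < 4; i++)
        memset(in[i].val, 0xAA, LTK_LEN);
    return load_ltks(in, 4, store, 4);
}

int main(void) { struct ltk_record s[4]; return demo_load(s) == 2 ? 0 : 1; }
```

Placing the check at load time means every later consumer of the stored record can rely on `enc_size <= 16` without repeating the test.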

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1264006 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue May 5 11:35:47 2026
CVE page last modified: Fri May 8 12:08:59 2026