Fluid Attacks Database

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length mesh_send() currently bounds MGMT_OP_MESH_SEND by total command length, but it never verifies that the bytes supplied for the flexible adv_data[] array actually match the embedded adv_data_len field. MGMT_MESH_SEND_SIZE only covers the fixed header, so a truncated command can still pass the existing 20..50 byte range check and later drive the async mesh send path past the end of the queued command buffer. Keep rejecting zero-length and oversized advertising payloads, but validate adv_data_len explicitly and require the command length to exactly match the flexible array size before queueing the request.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.85-1 \|\| =6.12.85-1~bpo12+1 \|\| =6.12.86-1 \|\| =6.13.10-1~exp1 \|\| =6.13.11-1~exp1 \|\| =6.13.2-1~exp1 \|\| =6.13.3-1~exp1 \|\| =6.13.4-1~exp1 \|\| =6.13.5-1~exp1 \|\| =6.13.6-1~exp1 \|\| =6.13.7-1~exp1 \|\| =6.13.8-1~exp1 \|\| =6.13.9-1~exp1 \|\| =6.13~rc6-1~exp1 \|\| =6.13~rc7-1~exp1 \|\| =6.14.3-1~exp1 \|\| =6.14.5-1~exp1 \|\| =6.14.6-1~exp1 \|\| =6.15-1~exp1 \|\| =6.15.1-1~exp1 \|\| =6.15.2-1~exp1 \|\| =6.15.3-1~exp1 \|\| =6.15.4-1~exp1 \|\| =6.15.5-1~exp1 \|\| =6.15.6-1~exp1 \|\| =6.15~rc7-1~exp1 \|\| =6.16-1~exp1 \|\| =6.16.1-1~exp1 \|\| =6.16.10-1 \|\| =6.16.11-1 \|\| =6.16.12-1 \|\| =6.16.12-1~bpo13+1 \|\| =6.16.12-2 \|\| =6.16.3-1 \|\| =6.16.3-1~bpo13+1 \|\| =6.16.5-1 \|\| =6.16.6-1 \|\| =6.16.7-1 \|\| =6.16.8-1 \|\| =6.16.9-1 \|\| =6.16~rc7-1~exp1 \|\| =6.17.10-1 \|\| =6.17.11-1 \|\| =6.17.12-1 \|\| =6.17.13-1 \|\| =6.17.13-1~bpo13+1 \|\| =6.17.2-1~exp1 \|\| =6.17.5-1~exp1 \|\| =6.17.6-1 \|\| =6.17.7-1 \|\| =6.17.7-2 \|\| =6.17.8-1 \|\| =6.17.8-1~bpo13+1 \|\| =6.17.9-1 \|\| =6.18.1-1~exp1 \|\| =6.18.10-1 \|\| =6.18.12-1 \|\| =6.18.12-1~bpo13+1 \|\| =6.18.13-1 \|\| =6.18.14-1 \|\| =6.18.15-1 \|\| =6.18.15-1~bpo13+1 \|\| =6.18.2-1~exp1 \|\| =6.18.3-1 \|\| =6.18.5-1 \|\| =6.18.5-1~bpo13+1 \|\| =6.18.8-1 \|\| =6.18.9-1 \|\| =6.18.9-1~bpo13+1 \|\| =6.18~rc4-1~exp1 \|\| =6.18~rc4-1~exp2 \|\| =6.18~rc5-1~exp1 \|\| =6.18~rc6-1~exp1 \|\| =6.18~rc7-1~exp1 \|\| =6.19-1~exp1 \|\| =6.19.10-1 \|\| =6.19.10-1~bpo13+1 \|\| =6.19.11-1 \|\| =6.19.11-1~bpo13+1 \|\| =6.19.2-1~exp1 \|\| =6.19.3-1~exp1 \|\| =6.19.4-1~exp1 \|\| =6.19.5-1~exp1 \|\| =6.19.6-1 \|\| =6.19.6-2 \|\| =6.19.6-2~bpo13+1 \|\| =6.19.8-1 \|\| =6.19.8-1~bpo13+1 \|\| =6.19~rc4-1~exp1 \|\| =6.19~rc5-1~exp1 \|\| =6.19~rc6-1~exp1 \|\| =6.19~rc7-1~exp1 \|\| =6.19~rc8-1~exp1 \|\| >=0 <6.19.12-1	6.19.12-1
debian 13	linux	=6.12.38-1 \|\| =6.12.41-1 \|\| =6.12.43-1 \|\| =6.12.43-1~bpo12+1 \|\| =6.12.48-1 \|\| =6.12.57-1 \|\| =6.12.57-1~bpo12+1 \|\| =6.12.63-1 \|\| =6.12.63-1~bpo12+1 \|\| =6.12.69-1 \|\| =6.12.69-1~bpo12+1 \|\| =6.12.73-1 \|\| =6.12.73-1~bpo12+1 \|\| =6.12.74-1 \|\| =6.12.74-2 \|\| =6.12.74-2~bpo12+1 \|\| =6.12.85-1~bpo12+1 \|\| >=0 <6.12.85-1	6.12.85-1
debian 12	linux	=6.1.106-1 \|\| =6.1.106-2 \|\| =6.1.106-3 \|\| =6.1.112-1 \|\| =6.1.115-1 \|\| =6.1.119-1 \|\| =6.1.123-1 \|\| =6.1.124-1 \|\| =6.1.128-1 \|\| =6.1.129-1 \|\| =6.1.133-1 \|\| =6.1.135-1 \|\| =6.1.137-1 \|\| =6.1.139-1 \|\| =6.1.140-1 \|\| =6.1.147-1 \|\| =6.1.148-1 \|\| =6.1.153-1 \|\| =6.1.158-1 \|\| =6.1.159-1 \|\| =6.1.162-1 \|\| =6.1.164-1 \|\| =6.1.27-1 \|\| =6.1.37-1 \|\| =6.1.38-1 \|\| =6.1.38-2 \|\| =6.1.38-2~bpo11+1 \|\| =6.1.38-3 \|\| =6.1.38-4 \|\| =6.1.38-4~bpo11+1 \|\| =6.1.52-1 \|\| =6.1.55-1 \|\| =6.1.55-1~bpo11+1 \|\| =6.1.64-1 \|\| =6.1.66-1 \|\| =6.1.67-1 \|\| =6.1.69-1 \|\| =6.1.69-1~bpo11+1 \|\| =6.1.76-1 \|\| =6.1.76-1~bpo11+1 \|\| =6.1.82-1 \|\| =6.1.85-1 \|\| =6.1.90-1 \|\| =6.1.90-1~bpo11+1 \|\| =6.1.94-1 \|\| =6.1.94-1~bpo11+1 \|\| =6.1.98-1 \|\| =6.1.99-1 \|\| >=0 <6.1.170-1	6.1.170-1
debian 11	linux-6.1	=6.1.106-3~deb11u1 \|\| =6.1.106-3~deb11u2 \|\| =6.1.106-3~deb11u3 \|\| =6.1.112-1~deb11u1 \|\| =6.1.119-1~deb11u1 \|\| =6.1.128-1~deb11u1 \|\| =6.1.129-1~deb11u1 \|\| =6.1.137-1~deb11u1 \|\| =6.1.140-1~deb11u1 \|\| =6.1.147-1~deb11u1 \|\| =6.1.148-1~deb11u1 \|\| =6.1.153-1~deb11u1 \|\| =6.1.158-1~deb11u1 \|\| =6.1.159-1~deb11u1 \|\| =6.1.162-1~deb11u1 \|\| =6.1.164-1~deb11u1 \|\| >=0 <6.1.170-1~deb11u1	6.1.170-1~deb11u1
rpm rhel9	kernel-rt	-	-
rpm rhel10	kernel	-	-
rpm rhel9	kernel	-	-

Aliases

1. CVE-2026-430172. NVD-2026-430173. OSV-DEBIAN-2026-430174. OSV-2026-430175. SECURITY-TRACKER-CVE-2026-43017

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.