CVE-2026-45834 Linux CVE debrief

Who should care

Linux system administrators managing Bluetooth-enabled systems, embedded device manufacturers using Bluetooth connectivity, kernel maintainers, and security teams tracking Linux kernel vulnerabilities should prioritize this fix. Organizations running Bluetooth services on Linux servers or IoT devices should monitor for kernel updates.

Technical summary

The vulnerability is a null-pointer dereference in `l2cap_sock_state_change_cb()`, a callback function in the Linux kernel's Bluetooth L2CAP socket implementation. The fix aligns this function with `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()` by adding a NULL pointer check before dereferencing. This prevents potential kernel crashes when the callback is invoked with an invalid socket state. The presence of five separate stable kernel commits suggests the fix has been backported to multiple maintained kernel versions.

Defensive priority

medium

Recommended defensive actions

• Apply the relevant stable kernel patch from the Linux kernel stable tree once available for your distribution
• Verify kernel version includes the fix by checking for commits addressing l2cap_sock_state_change_cb NULL pointer dereference
• Monitor distribution-specific security advisories for backported fixes
• Review Bluetooth L2CAP usage in environments where kernel stability is critical

Evidence notes

The vulnerability description indicates a null-pointer dereference in `l2cap_sock_state_change_cb()` within the Bluetooth L2CAP (Logical Link Control and Adaptation Protocol) subsystem. The resolution adds a NULL guard consistent with existing patterns in `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. Five stable kernel commits are referenced, suggesting backports to multiple kernel versions.

Official resources