CVE-2026-45835 Linux CVE debrief

Who should care

Linux system administrators managing Bluetooth-enabled systems, embedded device manufacturers using Bluetooth connectivity, kernel maintainers, and security teams tracking kernel-level Bluetooth vulnerabilities.

Technical summary

The vulnerability is a null-pointer dereference in `l2cap_sock_new_connection_cb()` within the Linux kernel's Bluetooth L2CAP implementation. The callback function fails to validate a pointer before dereferencing, leading to a potential kernel oops or crash. The resolution adds a NULL guard check consistent with defensive patterns already present in `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. The fix has been backported to multiple stable kernel branches as evidenced by five separate kernel.org stable commits.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates from distribution vendors when available
• Monitor stable kernel releases for backported fixes
• Review Bluetooth L2CAP handling in custom kernel builds
• Validate Bluetooth stack configurations on affected systems

Evidence notes

CVE description confirms null-pointer-dereference in Bluetooth L2CAP socket callback. Fix pattern replicates existing guards in `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. Five kernel.org stable commit references indicate backports across multiple kernel versions. NVD status shows 'Awaiting Analysis' with no CVSS assigned. No KEV listing or known ransomware campaign use.

Official resources