CVE-2026-45836 Linux CVE debrief

Who should care

Linux system administrators managing systems with Bluetooth hardware enabled; security teams tracking kernel vulnerabilities; embedded device manufacturers using Linux with Bluetooth support; organizations running Linux workstations or servers where Bluetooth is enabled

Technical summary

The vulnerability is a null-pointer dereference in the Linux kernel's Bluetooth L2CAP (Logical Link Control and Adaptation Protocol) socket implementation. Specifically, the callback function `l2cap_sock_get_sndtimeo_cb()` lacks a NULL pointer check that exists in similar callback functions. When triggered, this flaw causes a kernel oops or panic, resulting in system instability or crash. The fix adds a consistent NULL guard pattern across the L2CAP socket callback functions. This is a local denial-of-service vector that requires the ability to interact with Bluetooth sockets.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates from your Linux distribution that include the fix for CVE-2026-45836
• Verify kernel version is updated to a patched release (check distribution security advisories for specific version numbers)
• If immediate patching is not possible, consider disabling Bluetooth if not required for system operation
• Monitor system logs for kernel oops or crash reports related to Bluetooth L2CAP operations
• Review systems with Bluetooth enabled for unexpected stability issues

Evidence notes

The CVE description indicates this is a resolved vulnerability in the Linux kernel Bluetooth L2CAP implementation. The fix adds a NULL guard to `l2cap_sock_get_sndtimeo_cb()` consistent with existing defensive patterns in `l2cap_sock_resume_cb()` and `l2cap_sock_ready_cb()`. Multiple stable kernel branch commits are referenced, indicating backports to supported kernel versions.

Official resources