CVE-2026-45834
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the Bluetooth L2CAP stack, causing a null pointer dereference in the l2cap_sock_state_change_cb() function. The issue was fixed by adding a NULL guard, similar to existing protections in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().
Risk Assessment
An attacker could exploit this vulnerability to cause a system crash (kernel panic) by sending specially crafted Bluetooth packets, leading to a denial of service (DoS).
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit adding NULL guard in l2cap_sock_state_change_cb()).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb().

