CVE-2026-43334
Bluetooth SMP Security Bypass in Linux Kernel
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's Bluetooth Secure Simple Pairing (SMP) process. Specifically, when building the pairing response, the system does not enforce the local requirement for Man-In-The-Middle (MITM) protection before responding. If the initiator device omits the SMP_AUTH_MITM flag, the responder may also omit it, even if the local policy requires MITM protection. This leads to inconsistent method selection during pairing, potentially weakening the security of the Bluetooth connection.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a Bluetooth pairing process to proceed without the required Man-In-The-Middle (MITM) protection, even if your device's security policy demands it. This could enable an attacker to intercept or manipulate the Bluetooth pairing process, potentially compromising the confidentiality and integrity of the connection.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved in the Linux kernel by enforcing the local BT_SECURITY_HIGH requirement before building the pairing response in Bluetooth SMP. To mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix.
Specifically, the fix forces the responder to require MITM protection in the pairing response when the local side requires HIGH security, aligning the responder authentication bits and method selection with the pairing policy.