CVE-2026-31512 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

l2cap_ecred_data_rcv() reads the SDU length field from skb->data using get_unaligned_le16() without first verifying that skb contains at least L2CAP_SDULEN_SIZE (2) bytes. When skb->len is less than 2, this reads past the valid data in the skb.

The ERTM reassembly path correctly calls pskb_may_pull() before reading the SDU length (l2cap_reassemble_sdu, L2CAP_SAR_START case). Apply the same validation to the Enhanced Credit Based Flow Control data path.
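A userspace C model of the length check described above, added here as an illustration; it is not the kernel patch or code from the referenced commits. The names struct pdu_view, read_le16, sdu_len_unchecked, sdu_len_checked and try_prefix, the -1 error value and the sample bytes are constructed for this example; only L2CAP_SDULEN_SIZE (2) and the read-before-check ordering come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define L2CAP_SDULEN_SIZE 2 /* size of the SDU length field, as stated in the description */

/* Hypothetical userspace stand-in for an skb: pointer to valid data plus its length. */
struct pdu_view {
    const uint8_t *data;
    size_t len;
};

/* Alignment-agnostic little-endian 16-bit read, modelling get_unaligned_le16(). */
uint16_t read_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* "Before" pattern: assumes two bytes exist, so it reads past the data when len < 2. */
uint16_t sdu_len_unchecked(const struct pdu_view *v) { return read_le16(v->data); }

/* "After" pattern: validate first, then read and consume. Returns 0, or -1 if too short. */
int sdu_len_checked(struct pdu_view *v, uint16_t *sdu_len)
{
    if (v->len < L2CAP_SDULEN_SIZE)
        return -1;
    *sdu_len = read_le16(v->data);
    v->data += L2CAP_SDULEN_SIZE;
    v->len -= L2CAP_SDULEN_SIZE;
    return 0;
}

/* Constructed sample PDU: SDU length 0x0003 followed by three payload bytes. */
static const uint8_t sample[] = { 0x03, 0x00, 0xaa, 0xbb, 0xcc };

/* Runs the checked parser over the first n bytes of the sample; returns its status. */
int try_prefix(size_t n, uint16_t *sdu_len, size_t *remaining)
{
    struct pdu_view v = { sample, n };
    int rc = sdu_len_checked(&v, sdu_len);
    *remaining = v.len;
    return rc;
}

int main(void)
{
    uint16_t sdu = 0;
    size_t rem = 0;
    for (size_t n = 0; n <= sizeof(sample); n++)
        printf("len=%zu rc=%d\n", n, try_prefix(n, &sdu, &rem));
    return 0;
}
```

Prefixes of 0 and 1 bytes are rejected before any read; from 2 bytes upward the field is parsed and the view advances past it.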


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/3340be2bafdcc806f048273ea6d8e82a6597aa1b kernel.org
https://git.kernel.org/stable/c/40c7f7eea2f4d9cb0b3e924254c8c9053372168f kernel.org
https://git.kernel.org/stable/c/477ad4976072056c348937e94f24583321938df4 kernel.org
https://git.kernel.org/stable/c/5ad981249be52f5e4e92e0e97b436b569071cb86 kernel.org
https://git.kernel.org/stable/c/8c96f3bd4ae0802db90630be8e9851827e9c9209 kernel.org
https://git.kernel.org/stable/c/c65bd945d1c08c3db756821b6bf9f1c4a77b29c6 kernel.org
https://git.kernel.org/stable/c/cef09691cfb61f6c91cc27c3d69634f81c8ab949 kernel.org
https://git.kernel.org/stable/c/e47315b84d0eb188772c3ff5cf073cdbdefca6b4 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Quick Info

CVE Dictionary Entry: CVE-2026-31512
NVD Published Date: 04/22/2026
NVD Last Modified: 04/22/2026
Source: kernel.org