CVE & CISA-KEV Catalog

CVE-2026-53255

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR types before checking that the current field still fits inside the supplied buffer. A malformed field whose length byte is the last byte of the buffer can therefore make the parser read one byte past the advertising data. KASAN reported the following when a malformed MGMT_OP_ADD_ADVERTISING request reached that path: BUG: KASAN: vmalloc-out-of-bounds in tlv_data_is_valid() Read of size 1 Call trace: tlv_data_is_valid() add_advertising() hci_mgmt_cmd() hci_sock_sendmsg() Move the existing element-length check before any type-octet inspection so each non-empty element is proven to contain its type byte before the parser looks at data[i + 1].

How to fix

Remediation Available
linuxDebian
Fixed in:5.10.259-1CVE-2026-53255
Fixed in:6.1.176-1CVE-2026-53255
Fixed in:6.12.94-1CVE-2026-53255
Fixed in:7.0.13-1CVE-2026-53255

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U

Exploit Intelligence

0.17%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Embed a live status badge for CVE-2026-53255
CVE-2026-53255 severity badge

Markdown

[![CVE-2026-53255](https://tridentstack.com/cve/badge/CVE-2026-53255.svg)](https://tridentstack.com/cve/CVE-2026-53255)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-53255"><img src="https://tridentstack.com/cve/badge/CVE-2026-53255.svg" alt="CVE-2026-53255"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-30.