Cyber Resilience

CVE-2026-46138

HighUpdated

Published: 28 May 2026

Published
28 May 2026
Modified
24 June 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0028 19.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-46138 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt hci_le_create_big_complete_evt() iterates over BT_BOUND connections for a BIG handle using a while loop, accessing ev->bis_handle[i++] on each iteration. However, there…

more

is no check that i stays within ev->num_bis before the array access. When a controller sends a LE_Create_BIG_Complete event with fewer bis_handle entries than there are BT_BOUND connections for that BIG, or with num_bis=0, the loop reads beyond the valid bis_handle[] flex array into adjacent heap memory. Since the out-of-bounds values typically exceed HCI_CONN_HANDLE_MAX (0x0EFF), hci_conn_set_handle() rejects them and the connection remains in BT_BOUND state. The same connection is then found again by hci_conn_hash_lookup_big_state(), creating an infinite loop with hci_dev_lock held. Fix this by terminating the BIG if in case not all BIS could be setup properly.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

OOB read + lock-holding infinite loop in Bluetooth LE event handler directly enables local/adjacent DoS via kernel hang or crash (Application or System Exploitation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

linux
linux kernel
7.1 · 6.4.16 — 6.5 · 6.5.3 — 6.6.140 · 6.7 — 6.12.88

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References