Bluetooth: SMP: force responder MITM requirements before building the pairing response

Summary

CVE: CVE-2026-43334
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-05-08 14:16:43 UTC
Updated: 2026-05-08 14:16:43 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: SMP: force responder MITM requirements before building the pairing response

smp_cmd_pairing_req() currently builds the pairing response from the initiator auth_req before enforcing the local BT_SECURITY_HIGH requirement. If the initiator omits SMP_AUTH_MITM, the response can also omit it even though the local side still requires MITM.

tk_request() then sees an auth value without SMP_AUTH_MITM and may select JUST_CFM, making method selection inconsistent with the pairing policy the responder already enforces.

When the local side requires HIGH security, first verify that MITM can be achieved from the IO capabilities and then force SMP_AUTH_MITM in the response in both rsp.auth_req and auth. This keeps the responder auth bits and later method selection aligned.
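A simplified user-space model of the responder flow described above, added here as an illustration and not taken from the kernel source. The functions `table_method()`, `select_method()` and `respond()`, and the collapsed IO-capability lookup, are hypothetical stand-ins; the model shows a request that omits SMP_AUTH_MITM ending in JUST_CFM without the fix and in a passkey method (or a rejection) with it.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model of the responder logic; not kernel code. */
#define SMP_AUTH_MITM 0x04 /* MITM bit of the SMP AuthReq octet */
enum method { JUST_WORKS, JUST_CFM, REQ_PASSKEY };
enum io_cap { DISPLAY_ONLY, DISPLAY_YESNO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY };
struct result { int rejected; uint8_t rsp_auth; enum method method; };

/* Hypothetical stand-in for the IO-capability lookup (LE legacy pairing,
 * collapsed): passkey needs a keyboard on one side and some IO on the other. */
static enum method table_method(enum io_cap a, enum io_cap b)
{
    int kbd = a == KEYBOARD_ONLY || a == KEYBOARD_DISPLAY ||
              b == KEYBOARD_ONLY || b == KEYBOARD_DISPLAY;
    return (a == NO_IO || b == NO_IO || !kbd) ? JUST_WORKS : REQ_PASSKEY;
}

/* tk_request() as the description states it: no MITM bit -> JUST_CFM. */
static enum method select_method(uint8_t auth, enum io_cap l, enum io_cap r)
{
    return (auth & SMP_AUTH_MITM) ? table_method(l, r) : JUST_CFM;
}

/* fixed == 0: response auth bits are copied from the initiator and never
 * raised. fixed == 1: MITM feasibility is checked, then the bit is forced. */
static struct result respond(uint8_t req_auth, enum io_cap l, enum io_cap r,
                             int need_high, int fixed)
{
    struct result res = { 0, req_auth, JUST_WORKS };
    if (need_high) {
        if (table_method(l, r) == JUST_WORKS) { /* MITM not achievable */
            res.rejected = 1;
            return res;
        }
        if (fixed)
            res.rsp_auth |= SMP_AUTH_MITM;
    }
    res.method = select_method(res.rsp_auth, l, r);
    return res;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) { /* constructed request: 0x01, no MITM bit */
        struct result r = respond(0x01, KEYBOARD_DISPLAY, KEYBOARD_ONLY, 1, fixed);
        printf("fixed=%d rsp_auth=0x%02x method=%d\n", fixed, r.rsp_auth, r.method);
    }
    return 0;
}
```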

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 425a22c5373d4e1b46492ab869074ebeeade61f3 git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 7ab69426e7ecbd18a222ee2ec87ca612d30197d7 git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 01bb4045d2306c266178f49ce0c3576d237a3040 git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 91649c02c1baaa18cedf7fb425fa1f0f852c8183 git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 c8ff0ca6508535bccabd81c5c9dcc63de8a3d4fb git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 fa14e0e19820b1bbdb42185c9c4efa950bcffef9 git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 ec17efb1ef91506cfd17a77692eaf4bbacb520ea git Not specified
CNA Linux Linux affected 2b64d153a0cc9d2b60e47be013cde8490f16e0a5 d05111bfe37bfd8bd4d2dfe6675d6bdeef43f7c7 git Not specified
CNA Linux Linux affected 3.3 Not specified
CNA Linux Linux unaffected 3.3 semver Not specified
CNA Linux Linux unaffected 5.10.253 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.168 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.134 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.81 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.22 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.12 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

Reference Source Link Tags
git.kernel.org/stable/c/01bb4045d2306c266178f49ce0c3576d237a3040 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/425a22c5373d4e1b46492ab869074ebeeade61f3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c8ff0ca6508535bccabd81c5c9dcc63de8a3d4fb 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/fa14e0e19820b1bbdb42185c9c4efa950bcffef9 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/ec17efb1ef91506cfd17a77692eaf4bbacb520ea 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/7ab69426e7ecbd18a222ee2ec87ca612d30197d7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/91649c02c1baaa18cedf7fb425fa1f0f852c8183 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d05111bfe37bfd8bd4d2dfe6675d6bdeef43f7c7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis