What is CVE-2026-53209?

CVE-2026-53209 is a unscored severity Linux kernel vulnerability. CVE-2026-53209 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53209?

CVE-2026-53209 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53209?

No patch is currently available for CVE-2026-53209. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2026-53209 actively exploited?

CVE-2026-53209 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53209

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement() prepends the Broadcast Announcement service data to that payload, the combined data may no longer fit in the temporary buffer used to rebuild the advertising data. Reject that case before copying the existing payload and report the failure through the device log. This keeps the existing advertising data intact and avoids overrunning the temporary buffer.

Package Linux Kernel

Published 2026-06-25

Last modified 2026-06-25

Patch available

Awaiting data