cve-2026-46123

CVE-2026-46123 is a Linux kernel vulnerability in the virtio Bluetooth driver that involves unsafe receive-length handling. Published on May 28, 2026, the bug affects virtualized Linux systems where a guest kernel trusts the virtual device backend. The flaw highlights that in virtualization, assuming the device is trustworthy is not a valid security boundary. While the NVD entry remains unscored, the vulnerability is significant for environments using virtio Bluetooth. Discussions on WindowsForum.com cover the technical details, implications for virtualized setups, and the broader lesson about trust boundaries in virtualization. The tag aggregates threads and posts related to this specific CVE, its analysis, and potential mitigations.