Vulnerability Description: A read past the end of the buffer and division by zero security issue in QLowEnergyController on Linux has been discovered and has been assigned the CVE id CVE-2025-23050. Affected Versions: From Qt 5.4.0 to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.8.1. Impact: QlowEnergyController on Linux has a BlueZ DBus and a Bluetooth Kernel API backend. When using the Bluetooth Kernel API backend of QLowEnergyController, QtBluetooth creates a Bluetooth L2CAP socket to establish a connection with an external Bluetooth Low Energy device. After that, the external device can send malformed Bluetooth ATT commands to trigger read past the end of the buffer and division by zero errors. The problem is relevant for both central and peripheral roles. Solution: Apply the following patch or update to Qt 6.9.0 or 6.8.2 or 6.5.9 or 5.15.19. Patches: dev: https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 Qt 6.9: https://codereview.qt-project.org/c/qt/qtconnectivity/+/616915/2 Qt 6.8: https://codereview.qt-project.org/c/qt/qtconnectivity/+/617004 or https://download.qt.io/official_releases/qt/6.8/6.8.0/src/CVE-2025-23050-qtconnectivity-6.8.diff Qt 6.5: https://codereview.qt-project.org/c/qt/tqtc-qtconnectivity/+/617086 or https://download.qt.io/official_releases/qt/6.5.0/CVE-2025-23050-qtconnectivity-6.5.diff Qt 5.15: https://codereview.qt-project.org/c/qt/tqtc-qtconnectivity/+/617371 or https://download.qt.io/official_releases/qt/5.15/CVE-2025-23050-qtconnectivity-5.15.diff