diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d790b0d4eb9a..5e1498cc04cd 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -7565,7 +7565,7 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
 hci_req_complete_t req_complete = NULL;
 hci_req_complete_skb_t req_complete_skb = NULL;
 struct sk_buff *orig_skb = NULL;
- u8 status = 0, event, req_evt = 0;
+ u8 status = 0, event, req_evt = 0, len;
 u16 opcode = HCI_OP_NOP;
 
 if (skb->len < sizeof(*hdr)) {
@@ -7585,6 +7585,13 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
 goto done;
 }
 
+ len = hdr->plen;
+ if (len != skb->len - HCI_EVENT_HDR_SIZE) {
+ bt_dev_warn(hdev, "Unexpected HCI Parameter Length 0x%2.2x",
+ len);
+ goto done;
+ }
+
 /* Only match event if command OGF is not for LE */
 if (hdev->req_skb &&
 hci_opcode_ogf(hci_skb_opcode(hdev->req_skb)) != 0x08 &&
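Review bot: The warning on the new length-mismatch path in the second hunk fires once per rejected packet with no rate limit, and it prints only the declared `plen`, not the payload length it was compared against. Both values come from the controller, so a faulty or hostile one can flood the kernel log, and a single log line is not enough to tell a truncated event from one with trailing bytes. I would change the call to `bt_dev_warn_ratelimited(hdev, "Unexpected HCI Parameter Length 0x%2.2x (payload %u)", len, skb->len - HCI_EVENT_HDR_SIZE);`. The unsigned subtraction is only safe because of the `skb->len < sizeof(*hdr)` guard visible in the first hunk, so a short comment above the check such as `/* skb->len >= HCI_EVENT_HDR_SIZE was verified above; plen must match the remaining payload exactly */` would keep that dependency visible. The body of hci_event_packet starts and continues outside these hunks, so whether any driver legitimately delivers padded events that strict equality would now drop should be confirmed against the callers.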