diff --git a/components/bt/host/bluedroid/stack/btm/btm_devctl.c b/components/bt/host/bluedroid/stack/btm/btm_devctl.c
index e7bfc0740a..aa246e563f 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_devctl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_devctl.c
@@ -1006,7 +1006,7 @@ tBTM_STATUS BTM_DeleteStoredLinkKey(BD_ADDR bd_addr, tBTM_CMPL_CB *p_cb)
 ** Returns void
 **
 *******************************************************************************/
-void btm_delete_stored_link_key_complete (UINT8 *p)
+void btm_delete_stored_link_key_complete (UINT8 *p, UINT16 evt_len)
 {
 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_stored_link_key_cmpl_cb;
 tBTM_DELETE_STORED_LINK_KEY_COMPLETE result;
@@ -1018,10 +1018,16 @@ void btm_delete_stored_link_key_complete (UINT8 *p)
 /* Set the call back event to indicate command complete */
 result.event = BTM_CB_EVT_DELETE_STORED_LINK_KEYS;
+ if (evt_len < 3) {
+ BTM_TRACE_ERROR("Malformatted event packet, too short");
+ result.status = BTM_ERR_PROCESSING;
+ goto err_out;
+ }
 /* Extract the result fields from the HCI event */
 STREAM_TO_UINT8 (result.status, p);
 STREAM_TO_UINT16 (result.num_keys, p);
+err_out:
 /* Call the call back and pass the result */
 (*p_cb)(&result);
 }
diff --git a/components/bt/host/bluedroid/stack/btm/include/btm_int.h b/components/bt/host/bluedroid/stack/btm/include/btm_int.h
index c840f439d4..c9fc25fac6 100644
--- a/components/bt/host/bluedroid/stack/btm/include/btm_int.h
+++ b/components/bt/host/bluedroid/stack/btm/include/btm_int.h
@@ -1147,7 +1147,7 @@ void btm_vsc_complete (UINT8 *p, UINT16 cc_opcode, UINT16 evt_len,
 void btm_inq_db_reset (void);
 void btm_vendor_specific_evt (UINT8 *p, UINT8 evt_len);
 #if (CLASSIC_BT_INCLUDED == TRUE)
-void btm_delete_stored_link_key_complete (UINT8 *p);
+void btm_delete_stored_link_key_complete (UINT8 *p, UINT16 evt_len);
 #endif // (CLASSIC_BT_INCLUDED == TRUE)
 void btm_report_device_status (tBTM_DEV_STATUS status);
 void btm_set_afh_channels_complete (UINT8 *p);
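Review bot: On the short-packet path in the second btm_devctl.c hunk, `result.num_keys` is not assigned before `goto err_out` passes `result` to the callback, so unless the lines between the two hunks (not shown) initialise it, the callback can read an indeterminate stack value. Setting `result.num_keys = 0;` next to `result.status = BTM_ERR_PROCESSING;` would give callers a defined result on the error path. The literal `3` is the one status byte plus the two-byte key count consumed by the `STREAM_TO_UINT8`/`STREAM_TO_UINT16` reads below it; a comment such as `/* status (1) + num_keys (2) */` would keep the bound tied to those reads. It is also worth confirming that `evt_len` passed from the btu_hcif.c call site counts only the bytes remaining at `p`, which these hunks do not show.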
diff --git a/components/bt/host/bluedroid/stack/btu/btu_hcif.c b/components/bt/host/bluedroid/stack/btu/btu_hcif.c
index b1153d92ca..3c53d15de4 100644
--- a/components/bt/host/bluedroid/stack/btu/btu_hcif.c
+++ b/components/bt/host/bluedroid/stack/btu/btu_hcif.c
@@ -964,7 +964,7 @@ static void btu_hcif_hdl_command_complete (UINT16 opcode, UINT8 *p, UINT16 evt_l
 break;
 #if (CLASSIC_BT_INCLUDED == TRUE)
 case HCI_DELETE_STORED_LINK_KEY:
- btm_delete_stored_link_key_complete (p);
+ btm_delete_stored_link_key_complete (p, evt_len);
 break;
 #endif // (CLASSIC_BT_INCLUDED == TRUE)