diff --git a/net/bluetooth/gatt.c b/net/bluetooth/gatt.c
index 1402380777b..44addd22fc2 100644
--- a/net/bluetooth/gatt.c
+++ b/net/bluetooth/gatt.c
@@ -246,10 +246,14 @@ int bt_gatt_attr_write_ccc(struct bt_conn *conn,
 bool bonded;
 size_t i;
 
- if (len != sizeof(*data) || offset) {
+ if (offset > sizeof(*data)) {
 return -EINVAL;
 }
 
+ if (offset + len > sizeof(*data)) {
+ return -EFBIG;
+ }
+
 if (bt_keys_find_addr(&conn->dst))
 bonded = true;
 else
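Review bot: The two new bounds checks in bt_gatt_attr_write_ccc only cap the write from above, so a write with `len` of 0 or 1, or with a non-zero `offset`, now gets through where the removed `len != sizeof(*data) || offset` test rejected it. The rest of the function lies outside this hunk, but if it still reads `*data` as a whole value, a short write from a connected peer would make it read past the end of the supplied buffer and the offset would be silently ignored. If partial writes are meant to be supported, the value should be assembled in a local, for example `memcpy((uint8_t *)&value + offset, buf, len);` on a zero-initialised `value`, and byte order handled there. If they are not, keep a lower bound next to the new checks, such as `if (offset || len < sizeof(*data)) { return -EINVAL; }`. A short comment above the checks stating which offset and length combinations are accepted would also help the next reader.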