CVE-2026-31497 in Linuxinformación

Resumen

por MITRE • 2026-04-22

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: clamp SCO altsetting table indices

btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with
data->sco_num - 1 without first constraining sco_num to the number of available table entries.

While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Linux

Reservar

2026-03-09

Divulgación

2026-04-22

Moderación

aceptado

Artículo

VDB-358935

CPE

listo

CWE

CWE-200 (sin confirmar)

CVSS

5.5 (VulDB)

EPSS

0.00015

KEV

Actividades

muy bajo

Sector

Telecommunication, Energy, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31497
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31497
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31497/

◂ Anterior Visión De Conjunto Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!