CVE-2026-31497 in Linuxinformação

Sumário

de MITRE • 22/04/2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: clamp SCO altsetting table indices

btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with
data->sco_num - 1 without first constraining sco_num to the number of available table entries.

While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Linux

Reservar

09/03/2026

Divulgação

22/04/2026

Moderação

aceite

Entrada

VDB-358935

CPE

pronto

CWE

CWE-200 (não confirmado)

CVSS

5.5 (VulDB)

EPSS

0.00015

KEV

não

Atividades

muito baixo

Sector

Industry, Insurance, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31497
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31497
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31497/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!