CVE-2026-31497 in LinuxИнформация

Сводка

по MITRE • 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: btusb: clamp SCO altsetting table indices

btusb_work() maps the number of active SCO links to USB alternate settings through a three-entry lookup table when CVSD traffic uses transparent voice settings. The lookup currently indexes alts[] with
data->sco_num - 1 without first constraining sco_num to the number of available table entries.

While the table only defines alternate settings for up to three SCO links, data->sco_num comes from hci_conn_num() and is used directly. Cap the lookup to the last table entry before indexing it so the driver keeps selecting the highest supported alternate setting without reading past alts[].

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

Linux

Резервировать

09.03.2026

Раскрытие

22.04.2026

Модерация

принято

Вход

VDB-358935

CPE

готов

CWE

CWE-200 (Неподтверждённый)

CVSS

5.5 (VulDB)

EPSS

0.00015

KEV

Нет

Деятельности

Очень низкий

Сектор

Telecommunication, Lawfirm, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31497
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31497
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31497/

◂ Предыдущий Обзор Далее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!